stfly.me Open in urlscan Pro
2606:4700:e6::ac40:c20d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/b7dHqrLyJ
Submission: On November 08 via manual (November 8th 2021, 6:40:29 am UTC) from US — Scanned from US

Summary HTTP 70 Redirects Behaviour Indicators

Summary

This website contacted 25 IPs in 2 countries across 19 domains to perform 70 HTTP transactions. The main IP is 2606:4700:e6::ac40:c20d, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:e6:... 2606:4700:e6::ac40:c20d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3033::ac43:9993	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	51.254.89.232 51.254.89.232	16276 (OVH) (OVH)
1	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
3	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
5	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
6	2606:4700:303... 2606:4700:3036::ac43:859c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE)
2	2620:116:800b... 2620:116:800b:21:f803:c51b:4d23:ce8c	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:21d... 2600:9000:21dd:9600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80e::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:816::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
3 14	142.250.64.66 142.250.64.66	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
2 4	23.41.168.244 23.41.168.244	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	68.67.160.117 68.67.160.117	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2006	15169 (GOOGLE) (GOOGLE)
70	25

7 2606:4700:e6::ac40:c20d (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3033::ac43:9993 (United States)

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.254.89.232 (Gainsborough, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip232.ip-51-254-89.eu

gimpybedderump.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3036::ac43:859c (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800b:21:f803:c51b:4d23:ce8c (United States)

ASN14618 (AMAZON-AES, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21dd:9600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80e::2001 (United States)

ASN15169 (GOOGLE, US)

27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.64.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.41.168.244 (Edison, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-244.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.160.117 (New York, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	googlesyndication.com 27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	100 KB
11	doubleclick.net 3 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	179 KB
7	stfly.me stfly.me	65 KB
6	itsguider.com itsguider.com	39 KB
6	adstripe.net account.adstripe.net	90 KB
5	toglooman.com toglooman.com	126 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
3	dozubatan.com dozubatan.com	25 KB
2	google.com adservice.google.com www.google.com	2 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	rtmark.net my.rtmark.net	1 KB
2	omchanseyr.com omchanseyr.com	24 KB
1	2mdn.net s0.2mdn.net	56 KB
1	googletagservices.com www.googletagservices.com	37 KB
1	quantcount.com rules.quantcount.com	430 B
1	gstatic.com fonts.gstatic.com	44 KB
1	gimpybedderump.com gimpybedderump.com	1 KB
1	googleapis.com fonts.googleapis.com	2 KB
70	19

	Domain	Requested by
10	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com stfly.me googleads.g.doubleclick.net www.googletagservices.com
7	stfly.me	stfly.me
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com stfly.me googleads.g.doubleclick.net
6	itsguider.com	account.adstripe.net itsguider.com
6	account.adstripe.net	stfly.me account.adstripe.net
5	toglooman.com	omchanseyr.com toglooman.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net
3	dozubatan.com	omchanseyr.com dozubatan.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	googleads.g.doubleclick.net	stfly.me
2	27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	my.rtmark.net	omchanseyr.com dozubatan.com
2	omchanseyr.com	stfly.me omchanseyr.com
1	s0.2mdn.net	27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com
1	www.googletagservices.com	stfly.me
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	pixel.quantserve.com	itsguider.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	itsguider.com
1	fonts.gstatic.com	fonts.googleapis.com
1	gimpybedderump.com	stfly.me
1	fonts.googleapis.com	stfly.me
70	26

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
omchanseyr.com R3	`2021-11-04` - `2022-02-02`	3 months	crt.sh
gimpybedderump.com R3	`2021-09-26` - `2021-12-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
dozubatan.com R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
toglooman.com R3	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
*.itsguider.com R3	`2021-10-14` - `2022-01-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://stfly.me/b7dHqrLyJ
Frame ID: 4A896FD066A278F414C32087436BB72E
Requests: 21 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Frame ID: EB935929D03BEE30795DEEA57E596A96
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336_2.php
Frame ID: 845372A0A7439AC3B9B22643F75D4B92
Requests: 16 HTTP requests in this frame

Frame: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 281E544E84D60C2B962F2CDD5FE652E5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 5A6ADE574DFFC5D0BE2276E30A8FB3A9
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B12AE4354670F8701C4234DDA8E8B0B8
Requests: 2 HTTP requests in this frame

Frame: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: BA95A8975BB75CA4E73712B09D25CBD8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-MFxC17IYBGPXZgrgBMAE&v=APEucNXZqmLeeVXhjSd9Pzr1Uxxmn_rt28MpaPMz_4ado275DiKP5pUCr_W-VT6E4EOxHREzvRcTLYmGCnqoOPuG05e4uEashA
Frame ID: 970FF9A335A9845CEC4D1F42045E2967
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AxNqoa5Dwb2ANB00UJHwuCEV35Qc7XKEsx246Yv9qo4DJ7uAbu7EmQ7dJAqb9BZs-wmwyEuswD4BKf-7PH8SL1FZAt1aTnkdmIzaJMmACSjSbWAi__sLAsW3s-OjMnskD0B7DeXCjiVZu5n5BB5-cxvRVYdQ&dbm_d=AKAmf-ApLI5eZmKdIntY7YoSbJOdPg9kzMgqyfcD54pAOodEymHu8_sROvJ6IyhcMdq5eajoKNjsVAFjAkxN9jcnzk8ukyZPjvwFI0Wk_ERPXzJwePlK35FvHvee8lUt3iD5flZXVqMZQ2F6Ov1myYm113i8L-gO7xBXm6zJsP21HKOl4c27ESOHhr0mfrPTr8OHxoBp7PiZAvq9CW6NvyUFkiecQgZhOPDeB3tj77QZGHczWvS-RGTwX_b-U89KLGMTrNSodmw3yrL5cZbciirtWnAonwfFkdNjOk0jQjCfogG5OyTvgb2-atGogWKtCjlfP6KV5fbzwhVRKPNggtwXbaiOdK1U8IpKSV2OLddCxPUh9y_JcIPHF79h9aAsOReZgKfz5UVWpJn8KtQGjiojL1JDBTT_wQyxRGxQ-PJQMssIuoz1-zpxLPW8aKl4XNgK-VkDTehq0ljb1kGI5gFly-CHTFjgbZgT1oMv3HMe1sZgKQ7_dA571iXmdmOUnen1QRiEQ7dnzhikDErrJhYnDyWQhYf1C_dwdP90KwDIZV6sUFeTN-66l0lfaiE24kzWUXPgopLZewVp3a3aZGr9z1U-M9BjboLyYyse94u6RHYhBpyMuACkNwC6iQiidceW0tElmIHAAdB2OdJxW0MW5vDq_BMW9oqpXNHHpcgjWve9Zg-Mshvp2L_CdIHuRVpuMdewpBvfJtxpa4Iy2ub0psroAix0Qowk-aYBdsvCXNuPLnt4jFr9CbjbpYGWUwxKcTd4EX50Y2lwnMtfX1c-IJxY0Ptvqz0bCsIseTV52DRxXwA4F4t1ZDR82JBZ0X50TSbm6dxSGdrhJQNqNCy6YRJ4TNDEBBu0ubbcOtAmGfZTQGdimtWE7YvZpTBIWDWod9tviqVVoi5paSCpd1G8PYu6SjMRoZSvfcKd_OcS7z5z-StNMzOFalZ-lIzNefGGkQzujHoQCeAEOo5F__TeY549SZn7aJx1bCXaPAmLkhn5akqhZigyTgaJHtK_6wiBPF_A8HPIaUpt8-_7IkRJ3uIR4Hw6UFqxL_10Ra4fNsJhDPPVuAetI1UU_5A_o48o5FbfKHjQE3_mntVvKakjr34bVH2pGYJqUrIQWj3ml1ymNN_uxbAcsfs7zgyJuQxXXIuqK0fUzwiqXcF_Vst5xmRnxKFnTZ7SFTMEqzvskoQK9iMxMuCIyCgTsPkOKmVs1uTpz0hzM9NVk5h_fRdJbg3MnA3ddoDAMutAMizbP0pvx7p8froFSHP45kPLwEPzjbPXxX5DUvcjUkMHoCoNJZtulz-MHcmsRIv8ckXTX0NBXcA04LrFXz6f93-5tRsa-uv9BEf-wXh0_kHQS10vGeUzRuh2J8Y_AHmzDrp_UYeBMh1Xg2F04irQdkZpiBcAxBYC8DI6L-oVl2ATYDgzFB8h3KK8KdBOBFQJ9GK9AvonyWxwalDsFdsWS6QnXYbofJTLHGG3kHV0qTpHeRRg_3G1DzMOZUxwvw40IsfPEkVAOtbDQilRbPykTP5MvCK4cbuXo5rvHyJGrhDGLK4ystUw9eRDh93NrOQ4LwWVqys-uXzheJS1UBRD52DZlbWjPi1N9k3zSVV-gX05skFA2JYwJYVWFvnwhwhoFiyZVUzRR5aj3YrlOgFPi4pgl2p96CZiud6KfuUSfnw4RJFXoxeY1Jra3gqiFJv0HF6PVqK0aRFSku41m6KuS55RLpr4vfR_Yfvuc5n2mEfYdm_r8aIrJ_ZBFgYcm8ixsQrSRdDWfOt_07ho7JGwLjEKCE4XEuKtQNLauyhqy1NkLWKj4e2TkaOn12dZf88UREODy2B_qNj87Q4cI01H5MVaSml45miWQlOJH9jLDLEER0HzT7pbgeGCYV24LtVM55HRdi3WOYuTY9id1uwlpkW93US4Qu2F2ugl9nwjWxXPUH6FLMHc9TE4aQCDCt0Lp4C6QzY_NOfA5aBoS-1nhayU-z8wuXwO8_6UbxQ6LBnqkPfD9P9gYH4Hc-UgZH_SA6SwGPslOtoAxcXkyU7A4kai6iHhn6xUQC-q2m5p-nNS10G2Ar_5CMCf_aqvjesnYYg0zdYdPsm3q4iV78v43tOWfsShvqEVdY95kzGWC0Wkcvgwk3VyaoUX0k-opHbiDMZKCOanVYjvDQGfU7r8pBgvI0NLwzBhuqJO9V6H_cy7Z5WtROedgYd112B2t5QfCACly2gRDUqzr5JlzyDBObJ0RFKtFVVlOZYIIG8R4uDsSjAfAS_9COcLOtbIjaAUGM2yQ-iSj66adq35xNUUsUeLNWwaoqQh1wL_2LwqckpqUP8bj4NeA1iGaPCGHIVpG3Wh1ZcfAPF_nUZLCZYdLmMckP-XiVW83UJFFB0ekxa-w7QCp9ItV4Qi0rKMgpa882KmQY2gpX1wthwIMaE6YwdO6HNSlVSmWNNa6BjgujA_LHK26Nq4809gSCrOsyRpe6StwYSt4eP5tzwcB07c1pmf7WBYM3HWyEsGlNFCrNEVobL0SJdyPNOjrk7vp1D7RDjdGfc1MoBMdP_oCf6uHlUfBD6TXXA1Qksq2ygGDhTFc4it2mw1eKdRa_9CLnnD0iBGvhDOtI6_uN6IpXltN31VbmIJu1NIxOxW1G_iKel4HohngrYuvKdskhykRruFjdfG0jFuC1UDEi_q2QgL859BAmfLSgOKKeul7_FUqd7Y1vpoPD9nOMltIr2aZ7UWpMKiG-JsoHcuDCj09vtffEeSBpbilfYWLHAN0a0hfI4YdivTNzs1S-Ps6cPn01UFu8q0hMK-ubZ7a4NbCvYasrQLr2q4qulUsJ66eenorh-MsBgttZzXwL8bjVYc8EP-DP3KMUEIglmK990bQcMsU3ovXNY6Lu7KhiA4yO5xW4tAp99vMezg3G4YAsvzUc44tfOTb9HIFpzXob4S08mnsVt29aE9nXCYAej5fAMjuSbWmHxz4kUZEwsXX01COD_PJ44V7EDmVi7Tq8Zp-fbDUpkuwcB0VPbQf1v0EGPuOta0lJz38zUCd1hqCw&cid=CAASBORoqNc&rfl=4%2Chttps%253A%252F%252Fstfly.me%242%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240
Frame ID: 01B5B503A56A7B4FD5C989416554D57C
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D190C8FEAE37F8439033C31A2C809631
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Command.txt - Google Drive

Page Statistics

70
Requests

94 %
HTTPS

63 %
IPv6

19
Domains

26
Subdomains

25
IPs

2
Countries

804 kB
Transfer

2167 kB
Size

24
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvX60lz048Tdhfhoymn5X0&google_cver=1

Request Chain 55

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YYjGWZ4ZgXe2ydbwPJZC3gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFQwogC85MOfI6r9KgSiz0&google_cver=1

Request Chain 56

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJMby32dGPu8rvKV_2MDy8c&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJMby32dGPu8rvKV_2MDy8c%26google_cver%3D1

Request Chain 57

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzAwNDUxMzU5OTA0NjM0NDY1OA%3D%3D

70 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request b7dHqrLyJ Show response
stfly.me/ 2 KB
2 KB 1104ms
52ms Document
text/html 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e89e7f2a7e8a9cc724a5b8701c7c9b1e0f9874689d836b638258054086f1f52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Zaxlrnl%2Bxt5P2KL79NqJss88wSfe523Jm2nEgV61mGwU9WKCgofk26E1jpVqH4rUvOgGvz3UJyWPPXOkOAdik48stusK1JLMLeMC4yM6Rlc%2FsZG%2BjgI0wrC7Lv4YhUdrGz5zCov0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6aaccf430d3d32ca-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
2 KB 85ms
52ms Stylesheet
text/css 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 05:13:08 GMT
server: ESF
date: Mon, 08 Nov 2021 06:40:23 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Mon, 08 Nov 2021 06:40:23 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 41ms
40ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1597427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UwgTKGtq8bJtsXuBtKaAVvZ41M00ssbqKQVJuhTQR17M9l%2F9Hor9vOevMjbtniormkk%2FA6DoNoROXhgxAWezJNdcpEWXmUxHek6gulbEcJj5h1kwG4x%2BCtySC4US3csZd1JdAlLTrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6aaccf438de332ca-EWR
expires: Fri, 19 Nov 2021 18:56:36 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
5 KB 26ms
25ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1597427
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYCpq5%2BREMT1ZDcNFhUFyuO5pMMQbT2rbg2LhhYOBlIMjNrQFNmrNxkQFohO%2BUfTcECHTOValb7BYI1y8rs2bD3e0X15uo4L9ahDy5cU0Lj0dsLfKCSlySdz%2FoMjOjVg9KeFK7oDoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6aaccf438de432ca-EWR
expires: Fri, 19 Nov 2021 18:56:36 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 41ms
41ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1597427
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLM%2F5Ce1jP0yAvE8g6duqb0Fe0d1eWwvcXFX%2BpwgjeCKqW7NuTnivpiMESwYYIAUeMn%2FPlXILRswYx63sVhkiQ6wsC8mQYrO0NOYnmpyGzyp73%2F4CPegyuP9k7%2BLTaeHWg8BTUDrTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6aaccf438de532ca-EWR
expires: Fri, 19 Nov 2021 18:56:36 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 42 KB
15 KB 49ms
49ms Script
text/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 752f02507af278542d857a5638352e274e0f14b1abb4a4a3c134481d78513b84

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjsQpNupSgiZCgF1o7eG6yh43X6JtcXeQzr36vvk8EV3tamXaDfmS3pOeCFw3c8QLDBww5JXpkwB6mGKaS3H3RN%2BAK6ak%2FXTFlmOJl6faMARKo017L5CvCboCxTZtghu4Bj4h4H32g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6aaccf438de632ca-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 300ms
35ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af30847cfd1652a498307d555fec1d6fb680fcdafbc143f19a19ef7e42633776

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Mon, 08 Nov 2021 06:40:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lUEvmkwSTogXmsHfhyPbnTwpPqzsLXXd9VESZt39pcTS4Y3k%2BApROMFk1stnze%2Fqn4J9hWcW%2B9RQQRU3D%2F2MTR9FVgxey7YY2lKy0osaAflknOeXO0k9qBP7sAaHN75uK0Y4G%2BtPGKi4baaq60%2FqQeDLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6aaccf452d99199d-EWR
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 55 KB
22 KB 339ms
156ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

56094bd0f62236c479b48ca45d27ef4607b370a642f3cff0b54e5fa370a2cde0

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: f8c5b82b42e083d897992c58d6905a69
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lukomol.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
gimpybedderump.com/1clkn/ 0
1 KB 396ms
95ms Script
application/javascript 51.254.89.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://gimpybedderump.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

51.254.89.232 Gainsborough, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip232.ip-51-254-89.eu

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 08 Nov 2021 06:40:23 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 16ms
16ms Script
application/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Nov 2021 13:28:28 GMT
server: cloudflare
etag: W/"6185317c-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXhPyh5s%2Fb%2BKozXBXmRHCw6MPexdeKEe%2B5UrKnWPLdUvI5kAAYAaFFlveR46JrsD%2FY%2F7HOOA3lJ%2F0Jz%2F8508tueLm7%2FzFfIIKQ9tE6EeqDz52jkNnSmB0cTkCmMrwwIPSwGLkF7PFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6aaccf438de732ca-EWR
vary: Accept-Encoding
expires: Wed, 10 Nov 2021 06:40:23 GMT

GET
H2 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 18ms
18ms Script
application/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/b7dHqrLyJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1597427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WlHVLmjUk3G7qoNuGjoEDDD%2FW8wFLixIqU0NIa%2ByAnBO138e8daZ3VEwF4sYQC1yrD%2BQ87j0yhzPsrdbKlARGGWOW2rdiUZ26%2FxscCxIJJN48FazyP8jgGLDGue%2BuQyZAdf5VZ1hA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6aaccf440e6232ca-EWR
expires: Fri, 19 Nov 2021 18:56:36 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 42ms
10ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 04 Nov 2021 16:19:35 GMT
x-content-type-options: nosniff
age: 310848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 04 Nov 2022 16:19:35 GMT

GET
H2 200 index.php Show response
account.adstripe.net/display/ Frame EB93 7 KB
2 KB 44ms
44ms Document
text/html 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad697a6f35d551e7ba204612d585708366be6650d33920837bda33a64d915efb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phfmhMJM9cECoinkvgyz3IfZnkdKZyLz6jtXMRLpIYPb0leGyZWPiUXd4h82ryop5DW9wLbx6j%2BRWORvfTL2ojKDbS%2BEQAJA4%2FGc%2BjYvcU2AdWs0CgXClBksqJCbf3eNROnuwnIkMQ1JD0%2FtWylxEo%2FkAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6aaccf457def199d-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 4495548 Show response
dozubatan.com/400/ 65 KB
25 KB 314ms
148ms Script
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/4495548

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

317c0221552dea816dbcd4b36e6fa8719430508e8b9f52ab70160c17d6ce3493

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-trace-id: e7217b58fe7baac241f7311ad5e283c2
pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 1 Show response
toglooman.com/ 6 KB
4 KB 239ms
76ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 5af46f0f5413fa15f57222cbbdc5a8eedff0c25f94a973ce8bfb54e943f9e1dd

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-sc: 81HnlPiflvkSayTDECzAtclsCL5Y8nqExe-Y1A0TDQ3C8SFcNV6oZielYKGXx7ehrVbGZ27IFsBm21L3myhjFZf1XIY=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 271ms
83ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=1bca4a9c251247e6abde330a94142566

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bc9ade4397618fceaf2c6a9ab5ad4c0aad58ca3ec83dbf234330f19eed691a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame EB93 243 KB
74 KB 19ms
18ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 2223
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsM89f4%2F%2FpnqE6LvsmEJ%2FVTHfLfoQVBN7j%2FH9UGJHTBjFTGqYSaWOc7hxZTOKyiDrc87HHrwOeuaAlnRyWpH8L7X5l6qsNHeKFUbpv3rnKfEl3WYU5sgvtNPd8va8%2BadvUFjJWIr7UqR0va3llIRooYUtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6aaccf45de57199d-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 data.png
account.adstripe.net/images/ Frame EB93 931 B
1 KB 10ms
10ms Image
image/png 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4358
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9Gkh%2FhmkMi%2Buio1e6mfEUBUnb8bghY9AsSJT7q9qoy4h89%2Fe1%2FPVDqpCko5Ge6wVB636E8TPDa4zYo1vGEFgFmAyNmqfuHXjj3Zv03l5KBW%2FC0mYjWP%2F4gAY8Ja4rKf9RL11vCzigeWRP5RMnCTKdjm6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6aaccf45de5c199d-EWR

GET
H2 200 1-icon-1635666360.png
account.adstripe.net/upload/credit/ Frame EB93 546 B
880 B 10ms
10ms Image
image/png 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1635666360.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2223
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 546
last-modified: Sun, 31 Oct 2021 07:46:00 GMT
server: cloudflare
etag: "222-5cfa1406a0ef7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fLmV6X7FqAbFMJSTMqEbF2%2BfUF92cNPy9nVrdalNUM8uI75lf%2B2mryGksiAJyxmIKPwERDUIom7sHYMKmMmqkJMUPVr9mSrk8%2Fst85ymvjUNs1fkQOquc1SZabNDzyuM5rULt48z4IPae8suF6MIdJIrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6aaccf45ee71199d-EWR

GET
H2 200 336_2.php Show response
itsguider.com/ Frame 8453 14 KB
6 KB 144ms
119ms Document
text/html 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336_2.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d0021f21a56e0acfd02b35146e9696db4702fa3f2037313dde045e45286189e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, no-cache, no-store
display: orig_site_sol
expires: Sun, 07 Nov 2021 06:40:24 GMT
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-origin-cache-control: max-age=0
x-sol: orig
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZsJvHtAWZDVsPOhhqbNEHe4XopUxREWaOS6Ueu1FRUU11A9n0mlXAnM5MleV2A4B2v2sjJX1bQujh8926yCeXnzqgvfPVHn%2FV4z08j5SrbO9h11ttGiKvn22UXHYPyFT0D5sB4FuyfVS%2FCV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6aaccf464e261927-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 index.php Show response
account.adstripe.net/track/ Frame EB93 131 B
426 B 37ms
37ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|2|2|1|21|1|2|2|0|2|0.00055|0.00055|0|0/caa11632e5a00feeb8628370965a608b/1636353633/US/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=dc49b939104f7032a88233af0c0c8f88&time=1636353623&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9iN2RIcXJMeUo=&page_title=Command.txt%20-%20Google%20Drive&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFSaAnzvV%2F9l1q%2B7kQ74u92KQoYAXQmzfkRHGghygWz1tK3x2Vtj70zLDW8ciyW7EriHc95l58bgl3jyLbbRu%2FtRz%2FSYIQ5osbe8GzPqt%2B6JPIb%2BX7Q0zr9Y3pHKLAaLzlnpQ255wW16%2FDeHxWLwzFRCbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6aaccf462eb3199d-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8453 79 KB
27 KB 91ms
68ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

sffe /

Resource Hash

c874d25cf5f26216f7fa389dbddfd0dcadc11ca93cfe8f2c89ac7657177c1d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1037 / 156 of 1000 / last-modified: 1636149938"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27040
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 08 Nov 2021 06:40:24 GMT

GET
H2 200 ezcl.webp Show response
itsguider.com/utilcave_com/inc/ Frame 8453 1 KB
1 KB 66ms
66ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: middleton
server: cloudflare
display: staticcontent_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAv%2F9it5Rak9YuBihpZ54vJwvx2TwOzJYgmI4sYqmW2%2BuNdOicax%2BEVy0uNDvkxv86d9RcB3Ewy8V4eW3w6tyDStFw%2BxASmru6paQ1saNW5KCNlWfk7k%2FcvqmjCyYO%2BC4Ic6yWoh991xEh94"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6aaccf471f3e1927-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 cmbv2.js Show response
itsguider.com/detroitchicago/ Frame 8453 67 KB
20 KB 10ms
10ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30880ac28b4bac5e9ffa9e448960cb7952839d0a7e20c0ea468b2ea1218cfe27

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2123363
cf-polished: origSize=68973
cf-ray: 6aaccf471f401927-EWR
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 16:51:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owd49pax8XDhX6NB2cQV7g6ikfDBs%2BDKpIKlZpJRMuF9ltQFOqlj9oFOF1%2BjiNMBEjgA33kqmOAVMwXfpFVk43yERL7qCQCZejTcu5F3kNiJ1s4q%2BQLto27ZTMigsrJ7lBcwtcxAhVEhpLul"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 imp.gif Show response
itsguider.com/detroitchicago/ Frame 8453 43 B
392 B 53ms
52ms XHR
image/gif 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22New%20York%22%2C%22country%22%3A%22US%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A297268%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A501%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22cb7f227b-9655-4476-6ed7-4fab610c4afe%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%2210013%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A670%2C%22response_time_orig%22%3A45%2C%22serverid%22%3A%2218.212.40.43%3A23089%22%2C%22state%22%3A%22NY%22%2C%22t_epoch%22%3A1636353624%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fitsguider.com%2F336_2.php%22%2C%22user_id%22%3A0%2C%22word_count%22%3A0%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2AncVeTso0gZ91MXVIKyJeUwTPqQo%2F6x2Yl0SRd8FoXbgorOWl61Ued1VLD5wQ7lPArjxzYxM%2FpoHmZPASGRF24zaGnDTB1ivHR4ZVnfJUA%2BfVL7mlNXOUo1CD6RYpACC3yISIszZdn402BU"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 6aaccf473f601927-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 8453 24 KB
10 KB 72ms
11ms Script
application/javascript 2620:116:800b:21:f803:c51b:4d23:ce8c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800b:21:f803:c51b:4d23:ce8c , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 53d91fb2b51a3daa0645f78f71b29e695f42b0ac6db0d29f7fc7e5e38c3ffb7a

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
etag: "4zy+3zXYb8Q7og5Af8HrBg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 15 Nov 2021 06:40:24 GMT

GET
H2 200 cmbdv2.js Show response
itsguider.com/detroitchicago/ Frame 8453 44 KB
11 KB 10ms
9ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfa881fc4b288244d63523f288205175996365023f2e835fa7428e654b48609d

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2123142
cf-polished: origSize=44604
cf-ray: 6aaccf473f621927-EWR
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 16:54:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2B%2B%2FEpc0ugEch%2BsAdap%2By9yrjxcRz2TlOZkNgNWmmjT6DIiG8YmMpYZ3gie523W7n1SrtAEFtdv%2FBSRNZQK6bPCvmCtZWE5wDXSYygq%2FNgo0Y33EVdAz77XfdPnXmU8hJ%2FgWDoLu3Dm3tG8Z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 f42d5f543e173540f12b4b2a0915dcdc Show response
toglooman.com/27/ 372 KB
122 KB 147ms
147ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://toglooman.com/27/f42d5f543e173540f12b4b2a0915dcdc

Requested by

Host: toglooman.com
URL: https://toglooman.com/1?z=3968308

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fdf4726321914d65ac988b2a5c33e048421c8369fa40d987321c1a602f798b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 03 Nov 2021 06:47:50 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Wed, 03 Dec 2081 06:47:50 GMT

GET
H2 200 38 Show response
toglooman.com/42/ 0
495 B 287ms
287ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/42/38?z=3968308
Requested by: Host: toglooman.com
URL: https://toglooman.com/1?z=3968308
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
omchanseyr.com/ 2 KB
2 KB 81ms
81ms Fetch
application/json 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/?rb=Kg8e2lyCH42ZBsoB3O1rQfchvs9mVTH-_xEiOdJ8AKU1OwjhWsHSIU_Hgh2skbx36GNUoDCofbtG7_euf7rycA3UYMb62UK01dgbC9rccDzk01ZtGwS2JwI0un3pzMRR_ceMD5SA3E3G80wZC0GijJTRW4Le8IxupAqqphSFmhbLAz7tw_N8OybzOtQ2furLndUQHVkCivo1de9TVxi7OTV23Erb5ksAop6RUFzXeCXUkWelwBxaTwSH_-YMRrC2fS4TwzOzjqyUVigF&zoneid=3381289&request_ab2=0&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fstfly.me%2Fb7dHqrLyJ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=2&bs=a37caeba-9301-4178-a423-3ff3c1765f41&userId=1bca4a9c251247e6abde330a94142566&m=link

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8f55d6aa43628f81ce850978fb21dab269a8d9b926128757cdce84c01b526d8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: 17ad07b01a1f23b32a9ba23fcc4aca23
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://stfly.me
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 cl.gif
itsguider.com/detroitchicago/ Frame 8453 43 B
536 B 44ms
44ms Image
image/gif 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://itsguider.com/detroitchicago/cl.gif?pvID=cb7f227b-9655-4476-6ed7-4fab610c4afe&dID=297268
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvuw11YtgQQaPd%2Bggse0PwWAgSu1eQ48eU8rlp486cyaRaHDW%2FypnR8eddBaQU0Dv2q1F9bMFWzMGPczMXwoRmpSqX5npv8Uq1K0ErbT51ZME9eHqpLqy4nX%2F3%2F6SuiIqOdggH21Zz2030k4"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 6aaccf477fc41927-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43

GET
H2 200 pubads_impl_2021110201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8453 346 KB
116 KB 41ms
41ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

sffe /

Resource Hash

50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118932
x-xss-protection: 0
last-modified: Tue, 02 Nov 2021 08:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 08 Nov 2021 06:40:24 GMT

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ Frame 8453 3 B
430 B 28ms
3ms Script
application/javascript 2600:9000:21dd:9600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:9600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 07:04:46 GMT
via: 1.1 8f53b5d73ff2f5f8cae7b49606b79bd4.cloudfront.net (CloudFront)
age: 84939
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: EWR53-C2
accept-ranges: bytes
x-amz-cf-id: cI9IBfHS5k5BCjHVVMebjIB7Sp5W9ppKNU-Wmg9Rtl4P0WFi-5F4QA==

GET
H2 200 pixel;r=597023703;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-2521...
pixel.quantserve.com/ Frame 8453 35 B
371 B 28ms
16ms Image
image/gif 2620:116:800b:21:f803:c51b:4d23:ce8c
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=597023703;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-25218707-1636353624316;pbc=;ns=1;ce=1;qjs=1;qv=11b7ea70-20211103205804;cm=;gdpr=0;d=itsguider.com;je=0;sr=1600x1200x24;dst=0;et=1636353624315;tzo=0;ogl=

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800b:21:f803:c51b:4d23:ce8c , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8453 107 B
549 B 32ms
18ms Script
application/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8453 15 KB
7 KB 304ms
303ms XHR
text/plain 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1957045891025715&correlator=55560132078629&output=ldjh&impl=fifs&eid=31063214%2C21068031&vrg=2021110201&ptt=17&sc=1&sfv=1-0-38&ecs=20211108&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&lmt=1636353624&dt=1636353624404&dlt=1636353624161&idt=218&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=1993164460&ucis=euwj3qcfvl5b&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336_2.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=1665212624.1636353624&ga_sid=1636353624&ga_hid=588237719&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24aa9c37c9e9b6d5823298ea4f6b592b0bf3256d681e2db7bfcc5ded6be48353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7448
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 281E 6 KB
4 KB 50ms
17ms Document
text/html 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 08 Nov 2021 06:40:24 GMT
expires: Tue, 08 Nov 2022 06:40:24 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8453 12 KB
9 KB 44ms
22ms XHR
application/json 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021110201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fbacbd2054ce83616c48a4c6d51f91ce330b0a70ea04eca3599143aa923eb54a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9187
x-xss-protection: 0

OPTIONS
H2 204 9
toglooman.com/ Frame 0
0 217ms
72ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2Fb7dHqrLyJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 08 Nov 2021 06:40:24 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://stfly.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 9 Show response
toglooman.com/ 7 B
541 B 74ms
74ms XHR
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2Fb7dHqrLyJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/f42d5f543e173540f12b4b2a0915dcdc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Request headers

Referer: https://stfly.me/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://stfly.me
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8453 17 KB
7 KB 76ms
53ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 08 Nov 2021 06:40:24 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
538 B 77ms
76ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bc9ade4397618fceaf2c6a9ab5ad4c0aad58ca3ec83dbf234330f19eed691a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:24 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5A6A 12 KB
5 KB 305ms
3ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 07 Nov 2021 03:44:00 GMT
expires: Mon, 07 Nov 2022 03:44:00 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 96984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B12A 783 B
1 KB 229ms
214ms Document
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d63dc29b1038331eb8d959fbf9ed7789d055c8db05ee1c3acf14cf6bee399d19

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1j2IwCegUGuVT228SfgIaw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 08 Nov 2021 06:40:24 GMT
date: Mon, 08 Nov 2021 06:40:24 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1j2IwCegUGuVT228SfgIaw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 4495548
dozubatan.com/500/ Frame 0
0 225ms
74ms Preflight 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/500/4495548?excludes=&oaid=1bca4a9c251247e6abde330a94142566&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fstfly.me%2Fb7dHqrLyJ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 08 Nov 2021 06:40:24 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: https://stfly.me
access-control-max-age: 300
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 204 4495548 Show response
dozubatan.com/500/ 0
438 B 79ms
77ms XHR
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://stfly.me/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: a1635009524856ef0dc3caa4149e64bc
pragma: no-cache
date: Mon, 08 Nov 2021 06:40:24 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 container.html Show response
27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BA95 6 KB
3 KB 305ms
4ms Document
text/html 2607:f8b0:4006:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 08 Nov 2021 06:40:24 GMT
expires: Tue, 08 Nov 2022 06:40:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B12A 0
0 334ms
32ms Image
text/html 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021110201&jk=1957045891025715&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s30-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js Show response
pagead2.googlesyndication.com/bg/ Frame 5A6A 35 KB
14 KB 229ms
4ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

sffe /

Resource Hash

945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 21:40:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13523
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 13:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Nov 2022 21:40:16 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 970F 624 B
975 B 35ms
21ms Document
text/html 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-MFxC17IYBGPXZgrgBMAE&v=APEucNXZqmLeeVXhjSd9Pzr1Uxxmn_rt28MpaPMz_4ado275DiKP5pUCr_W-VT6E4EOxHREzvRcTLYmGCnqoOPuG05e4uEashA

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 08 Nov 2021 06:40:25 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 08 Nov 2021 06:40:25 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 01B5 55 KB
26 KB 53ms
42ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AxNqoa5Dwb2ANB00UJHwuCEV35Qc7XKEsx246Yv9qo4DJ7uAbu7EmQ7dJAqb9BZs-wmwyEuswD4BKf-7PH8SL1FZAt1aTnkdmIzaJMmACSjSbWAi__sLAsW3s-OjMnskD0B7DeXCjiVZu5n5BB5-cxvRVYdQ&dbm_d=AKAmf-ApLI5eZmKdIntY7YoSbJOdPg9kzMgqyfcD54pAOodEymHu8_sROvJ6IyhcMdq5eajoKNjsVAFjAkxN9jcnzk8ukyZPjvwFI0Wk_ERPXzJwePlK35FvHvee8lUt3iD5flZXVqMZQ2F6Ov1myYm113i8L-gO7xBXm6zJsP21HKOl4c27ESOHhr0mfrPTr8OHxoBp7PiZAvq9CW6NvyUFkiecQgZhOPDeB3tj77QZGHczWvS-RGTwX_b-U89KLGMTrNSodmw3yrL5cZbciirtWnAonwfFkdNjOk0jQjCfogG5OyTvgb2-atGogWKtCjlfP6KV5fbzwhVRKPNggtwXbaiOdK1U8IpKSV2OLddCxPUh9y_JcIPHF79h9aAsOReZgKfz5UVWpJn8KtQGjiojL1JDBTT_wQyxRGxQ-PJQMssIuoz1-zpxLPW8aKl4XNgK-VkDTehq0ljb1kGI5gFly-CHTFjgbZgT1oMv3HMe1sZgKQ7_dA571iXmdmOUnen1QRiEQ7dnzhikDErrJhYnDyWQhYf1C_dwdP90KwDIZV6sUFeTN-66l0lfaiE24kzWUXPgopLZewVp3a3aZGr9z1U-M9BjboLyYyse94u6RHYhBpyMuACkNwC6iQiidceW0tElmIHAAdB2OdJxW0MW5vDq_BMW9oqpXNHHpcgjWve9Zg-Mshvp2L_CdIHuRVpuMdewpBvfJtxpa4Iy2ub0psroAix0Qowk-aYBdsvCXNuPLnt4jFr9CbjbpYGWUwxKcTd4EX50Y2lwnMtfX1c-IJxY0Ptvqz0bCsIseTV52DRxXwA4F4t1ZDR82JBZ0X50TSbm6dxSGdrhJQNqNCy6YRJ4TNDEBBu0ubbcOtAmGfZTQGdimtWE7YvZpTBIWDWod9tviqVVoi5paSCpd1G8PYu6SjMRoZSvfcKd_OcS7z5z-StNMzOFalZ-lIzNefGGkQzujHoQCeAEOo5F__TeY549SZn7aJx1bCXaPAmLkhn5akqhZigyTgaJHtK_6wiBPF_A8HPIaUpt8-_7IkRJ3uIR4Hw6UFqxL_10Ra4fNsJhDPPVuAetI1UU_5A_o48o5FbfKHjQE3_mntVvKakjr34bVH2pGYJqUrIQWj3ml1ymNN_uxbAcsfs7zgyJuQxXXIuqK0fUzwiqXcF_Vst5xmRnxKFnTZ7SFTMEqzvskoQK9iMxMuCIyCgTsPkOKmVs1uTpz0hzM9NVk5h_fRdJbg3MnA3ddoDAMutAMizbP0pvx7p8froFSHP45kPLwEPzjbPXxX5DUvcjUkMHoCoNJZtulz-MHcmsRIv8ckXTX0NBXcA04LrFXz6f93-5tRsa-uv9BEf-wXh0_kHQS10vGeUzRuh2J8Y_AHmzDrp_UYeBMh1Xg2F04irQdkZpiBcAxBYC8DI6L-oVl2ATYDgzFB8h3KK8KdBOBFQJ9GK9AvonyWxwalDsFdsWS6QnXYbofJTLHGG3kHV0qTpHeRRg_3G1DzMOZUxwvw40IsfPEkVAOtbDQilRbPykTP5MvCK4cbuXo5rvHyJGrhDGLK4ystUw9eRDh93NrOQ4LwWVqys-uXzheJS1UBRD52DZlbWjPi1N9k3zSVV-gX05skFA2JYwJYVWFvnwhwhoFiyZVUzRR5aj3YrlOgFPi4pgl2p96CZiud6KfuUSfnw4RJFXoxeY1Jra3gqiFJv0HF6PVqK0aRFSku41m6KuS55RLpr4vfR_Yfvuc5n2mEfYdm_r8aIrJ_ZBFgYcm8ixsQrSRdDWfOt_07ho7JGwLjEKCE4XEuKtQNLauyhqy1NkLWKj4e2TkaOn12dZf88UREODy2B_qNj87Q4cI01H5MVaSml45miWQlOJH9jLDLEER0HzT7pbgeGCYV24LtVM55HRdi3WOYuTY9id1uwlpkW93US4Qu2F2ugl9nwjWxXPUH6FLMHc9TE4aQCDCt0Lp4C6QzY_NOfA5aBoS-1nhayU-z8wuXwO8_6UbxQ6LBnqkPfD9P9gYH4Hc-UgZH_SA6SwGPslOtoAxcXkyU7A4kai6iHhn6xUQC-q2m5p-nNS10G2Ar_5CMCf_aqvjesnYYg0zdYdPsm3q4iV78v43tOWfsShvqEVdY95kzGWC0Wkcvgwk3VyaoUX0k-opHbiDMZKCOanVYjvDQGfU7r8pBgvI0NLwzBhuqJO9V6H_cy7Z5WtROedgYd112B2t5QfCACly2gRDUqzr5JlzyDBObJ0RFKtFVVlOZYIIG8R4uDsSjAfAS_9COcLOtbIjaAUGM2yQ-iSj66adq35xNUUsUeLNWwaoqQh1wL_2LwqckpqUP8bj4NeA1iGaPCGHIVpG3Wh1ZcfAPF_nUZLCZYdLmMckP-XiVW83UJFFB0ekxa-w7QCp9ItV4Qi0rKMgpa882KmQY2gpX1wthwIMaE6YwdO6HNSlVSmWNNa6BjgujA_LHK26Nq4809gSCrOsyRpe6StwYSt4eP5tzwcB07c1pmf7WBYM3HWyEsGlNFCrNEVobL0SJdyPNOjrk7vp1D7RDjdGfc1MoBMdP_oCf6uHlUfBD6TXXA1Qksq2ygGDhTFc4it2mw1eKdRa_9CLnnD0iBGvhDOtI6_uN6IpXltN31VbmIJu1NIxOxW1G_iKel4HohngrYuvKdskhykRruFjdfG0jFuC1UDEi_q2QgL859BAmfLSgOKKeul7_FUqd7Y1vpoPD9nOMltIr2aZ7UWpMKiG-JsoHcuDCj09vtffEeSBpbilfYWLHAN0a0hfI4YdivTNzs1S-Ps6cPn01UFu8q0hMK-ubZ7a4NbCvYasrQLr2q4qulUsJ66eenorh-MsBgttZzXwL8bjVYc8EP-DP3KMUEIglmK990bQcMsU3ovXNY6Lu7KhiA4yO5xW4tAp99vMezg3G4YAsvzUc44tfOTb9HIFpzXob4S08mnsVt29aE9nXCYAej5fAMjuSbWmHxz4kUZEwsXX01COD_PJ44V7EDmVi7Tq8Zp-fbDUpkuwcB0VPbQf1v0EGPuOta0lJz38zUCd1hqCw&cid=CAASBORoqNc&rfl=4%2Chttps%253A%252F%252Fstfly.me%242%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0672dc9d940ef49308c65cabe90b3eef947203e82626873599dc2df035f5e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26515
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame 01B5 3 KB
2 KB 3ms
3ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/window_focus_fy2019.js

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:20:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 06:20:46 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 01B5 120 KB
37 KB 49ms
25ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a889ed53ea224d3134512762ff0cde5c4b0426379110a6592f9d0e337b859e95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37686
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635939303405469"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Nov 2021 06:40:25 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame 01B5 15 KB
7 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69a051355ad02c286b388a0013340d02657eb3f463d628f7fc1069c40ab8a7e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:17:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1375
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6619
x-xss-protection: 0
server: cafe
etag: 4215814365075848680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 06:17:30 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 01B5 42 B
110 B 133ms
17ms Image
image/gif 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AvVXm50NEi1SlJw1rICB9p0H1pp3PRLkshwjfRGmOKK0bZ0F-6yHkbRih-_OQbGAeiAI5BPkvVtMFcw-P0KFoSuSUuC9UpMb4IZhGDUYMnJmz3iDU

Requested by

Host: stfly.me
URL: https://stfly.me/b7dHqrLyJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 970F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvX60lz048Tdhfhoymn5X0&google_cver=1

43 B
1013 B

16ms
11ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvX60lz048Tdhfhoymn5X0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-MFxC17IYBGPXZgrgBMAE&v=APEucNXZqmLeeVXhjSd9Pzr1Uxxmn_rt28MpaPMz_4ado275DiKP5pUCr_W-VT6E4EOxHREzvRcTLYmGCnqoOPuG05e4uEashA
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Nov 2021 06:40:25 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 08 Nov 2021 06:40:25 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvX60lz048Tdhfhoymn5X0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 970F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YYjGWZ4ZgXe2ydbwPJZC3gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFQwogC85MOfI6r9KgSiz0&google_cver=1

43 B
893 B

13ms
12ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFQwogC85MOfI6r9KgSiz0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-MFxC17IYBGPXZgrgBMAE&v=APEucNXZqmLeeVXhjSd9Pzr1Uxxmn_rt28MpaPMz_4ado275DiKP5pUCr_W-VT6E4EOxHREzvRcTLYmGCnqoOPuG05e4uEashA
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Nov 2021 06:40:25 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 08 Nov 2021 06:40:25 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFQwogC85MOfI6r9KgSiz0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 970F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJMby32dGPu8rvKV_2MDy8c&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJMby32dGPu8rvKV_2MDy8c%26google_cver%3D1

43 B
1 KB

15ms
15ms

Image
image/gif

68.67.160.117
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJMby32dGPu8rvKV_2MDy8c%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-MFxC17IYBGPXZgrgBMAE&v=APEucNXZqmLeeVXhjSd9Pzr1Uxxmn_rt28MpaPMz_4ado275DiKP5pUCr_W-VT6E4EOxHREzvRcTLYmGCnqoOPuG05e4uEashA

Protocol

HTTP/1.1

Server

68.67.160.117 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Nov 2021 06:40:25 GMT
X-Proxy-Origin: 87.101.95.204; 87.101.95.204; 676.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 9d66d840-8ba1-4bf6-9ff3-3545d112a4d9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 08 Nov 2021 06:40:25 GMT
X-Proxy-Origin: 87.101.95.204; 87.101.95.204; 676.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: ae950277-3dc6-4f88-913b-d274c4d15437
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJMby32dGPu8rvKV_2MDy8c%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 970F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzAwNDUxMzU5OTA0NjM0NDY1OA%3D%3D

170 B
188 B

24ms
21ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzAwNDUxMzU5OTA0NjM0NDY1OA%3D%3D

Requested by

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 08 Nov 2021 06:40:25 GMT
X-Proxy-Origin: 87.101.95.204; 87.101.95.204; 676.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 5be2d5c3-504e-420c-91a1-f4a2a90feea1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzAwNDUxMzU5OTA0NjM0NDY1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/ Frame 01B5 24 KB
10 KB 56ms
3ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AxNqoa5Dwb2ANB00UJHwuCEV35Qc7XKEsx246Yv9qo4DJ7uAbu7EmQ7dJAqb9BZs-wmwyEuswD4BKf-7PH8SL1FZAt1aTnkdmIzaJMmACSjSbWAi__sLAsW3s-OjMnskD0B7DeXCjiVZu5n5BB5-cxvRVYdQ&dbm_d=AKAmf-ApLI5eZmKdIntY7YoSbJOdPg9kzMgqyfcD54pAOodEymHu8_sROvJ6IyhcMdq5eajoKNjsVAFjAkxN9jcnzk8ukyZPjvwFI0Wk_ERPXzJwePlK35FvHvee8lUt3iD5flZXVqMZQ2F6Ov1myYm113i8L-gO7xBXm6zJsP21HKOl4c27ESOHhr0mfrPTr8OHxoBp7PiZAvq9CW6NvyUFkiecQgZhOPDeB3tj77QZGHczWvS-RGTwX_b-U89KLGMTrNSodmw3yrL5cZbciirtWnAonwfFkdNjOk0jQjCfogG5OyTvgb2-atGogWKtCjlfP6KV5fbzwhVRKPNggtwXbaiOdK1U8IpKSV2OLddCxPUh9y_JcIPHF79h9aAsOReZgKfz5UVWpJn8KtQGjiojL1JDBTT_wQyxRGxQ-PJQMssIuoz1-zpxLPW8aKl4XNgK-VkDTehq0ljb1kGI5gFly-CHTFjgbZgT1oMv3HMe1sZgKQ7_dA571iXmdmOUnen1QRiEQ7dnzhikDErrJhYnDyWQhYf1C_dwdP90KwDIZV6sUFeTN-66l0lfaiE24kzWUXPgopLZewVp3a3aZGr9z1U-M9BjboLyYyse94u6RHYhBpyMuACkNwC6iQiidceW0tElmIHAAdB2OdJxW0MW5vDq_BMW9oqpXNHHpcgjWve9Zg-Mshvp2L_CdIHuRVpuMdewpBvfJtxpa4Iy2ub0psroAix0Qowk-aYBdsvCXNuPLnt4jFr9CbjbpYGWUwxKcTd4EX50Y2lwnMtfX1c-IJxY0Ptvqz0bCsIseTV52DRxXwA4F4t1ZDR82JBZ0X50TSbm6dxSGdrhJQNqNCy6YRJ4TNDEBBu0ubbcOtAmGfZTQGdimtWE7YvZpTBIWDWod9tviqVVoi5paSCpd1G8PYu6SjMRoZSvfcKd_OcS7z5z-StNMzOFalZ-lIzNefGGkQzujHoQCeAEOo5F__TeY549SZn7aJx1bCXaPAmLkhn5akqhZigyTgaJHtK_6wiBPF_A8HPIaUpt8-_7IkRJ3uIR4Hw6UFqxL_10Ra4fNsJhDPPVuAetI1UU_5A_o48o5FbfKHjQE3_mntVvKakjr34bVH2pGYJqUrIQWj3ml1ymNN_uxbAcsfs7zgyJuQxXXIuqK0fUzwiqXcF_Vst5xmRnxKFnTZ7SFTMEqzvskoQK9iMxMuCIyCgTsPkOKmVs1uTpz0hzM9NVk5h_fRdJbg3MnA3ddoDAMutAMizbP0pvx7p8froFSHP45kPLwEPzjbPXxX5DUvcjUkMHoCoNJZtulz-MHcmsRIv8ckXTX0NBXcA04LrFXz6f93-5tRsa-uv9BEf-wXh0_kHQS10vGeUzRuh2J8Y_AHmzDrp_UYeBMh1Xg2F04irQdkZpiBcAxBYC8DI6L-oVl2ATYDgzFB8h3KK8KdBOBFQJ9GK9AvonyWxwalDsFdsWS6QnXYbofJTLHGG3kHV0qTpHeRRg_3G1DzMOZUxwvw40IsfPEkVAOtbDQilRbPykTP5MvCK4cbuXo5rvHyJGrhDGLK4ystUw9eRDh93NrOQ4LwWVqys-uXzheJS1UBRD52DZlbWjPi1N9k3zSVV-gX05skFA2JYwJYVWFvnwhwhoFiyZVUzRR5aj3YrlOgFPi4pgl2p96CZiud6KfuUSfnw4RJFXoxeY1Jra3gqiFJv0HF6PVqK0aRFSku41m6KuS55RLpr4vfR_Yfvuc5n2mEfYdm_r8aIrJ_ZBFgYcm8ixsQrSRdDWfOt_07ho7JGwLjEKCE4XEuKtQNLauyhqy1NkLWKj4e2TkaOn12dZf88UREODy2B_qNj87Q4cI01H5MVaSml45miWQlOJH9jLDLEER0HzT7pbgeGCYV24LtVM55HRdi3WOYuTY9id1uwlpkW93US4Qu2F2ugl9nwjWxXPUH6FLMHc9TE4aQCDCt0Lp4C6QzY_NOfA5aBoS-1nhayU-z8wuXwO8_6UbxQ6LBnqkPfD9P9gYH4Hc-UgZH_SA6SwGPslOtoAxcXkyU7A4kai6iHhn6xUQC-q2m5p-nNS10G2Ar_5CMCf_aqvjesnYYg0zdYdPsm3q4iV78v43tOWfsShvqEVdY95kzGWC0Wkcvgwk3VyaoUX0k-opHbiDMZKCOanVYjvDQGfU7r8pBgvI0NLwzBhuqJO9V6H_cy7Z5WtROedgYd112B2t5QfCACly2gRDUqzr5JlzyDBObJ0RFKtFVVlOZYIIG8R4uDsSjAfAS_9COcLOtbIjaAUGM2yQ-iSj66adq35xNUUsUeLNWwaoqQh1wL_2LwqckpqUP8bj4NeA1iGaPCGHIVpG3Wh1ZcfAPF_nUZLCZYdLmMckP-XiVW83UJFFB0ekxa-w7QCp9ItV4Qi0rKMgpa882KmQY2gpX1wthwIMaE6YwdO6HNSlVSmWNNa6BjgujA_LHK26Nq4809gSCrOsyRpe6StwYSt4eP5tzwcB07c1pmf7WBYM3HWyEsGlNFCrNEVobL0SJdyPNOjrk7vp1D7RDjdGfc1MoBMdP_oCf6uHlUfBD6TXXA1Qksq2ygGDhTFc4it2mw1eKdRa_9CLnnD0iBGvhDOtI6_uN6IpXltN31VbmIJu1NIxOxW1G_iKel4HohngrYuvKdskhykRruFjdfG0jFuC1UDEi_q2QgL859BAmfLSgOKKeul7_FUqd7Y1vpoPD9nOMltIr2aZ7UWpMKiG-JsoHcuDCj09vtffEeSBpbilfYWLHAN0a0hfI4YdivTNzs1S-Ps6cPn01UFu8q0hMK-ubZ7a4NbCvYasrQLr2q4qulUsJ66eenorh-MsBgttZzXwL8bjVYc8EP-DP3KMUEIglmK990bQcMsU3ovXNY6Lu7KhiA4yO5xW4tAp99vMezg3G4YAsvzUc44tfOTb9HIFpzXob4S08mnsVt29aE9nXCYAej5fAMjuSbWmHxz4kUZEwsXX01COD_PJ44V7EDmVi7Tq8Zp-fbDUpkuwcB0VPbQf1v0EGPuOta0lJz38zUCd1hqCw&cid=CAASBORoqNc&rfl=4%2Chttps%253A%252F%252Fstfly.me%242%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

f8957910f9a887e298f5c082685e139255d095ec819e8b8cc6469b0006ef204b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9560
x-xss-protection: 0
server: cafe
etag: 378257483732583304
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 06:39:14 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/ Frame 01B5 8 KB
3 KB 58ms
5ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 06:35:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 06:35:50 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 01B5 0
255 B 45ms
27ms Ping
image/gif 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsskNYhJ_RW1HX2EyaWABQcH9VigHImeIyZYneBtm2A7R8kviXChCwoLHzy-PvIJZ5h1gJZ1XuDYfXw3wfcaL3l5eJ24uHviBT9ke6fDFzHzUwkLnbR0dUxivIOkd4KRjo0PU6C64FIZDU7zFDlz7IiFPXhkzIqKYh4biHE0ynbX1wsRvsDzti6HMIb2Y8kDXGTMBCs3orNWkTMdkTi_1xcu-dTA2TicYusMKG5zixqaHo0lXhj8QHJOrEPxUezqmDZu8uIzt4GUMZoT_DBf0ZNq3bO0Pdit3JQpd40bMYXiSsZ6szXttjEE8j30J8mATcx9qVPwFph6Bv77fQ9bfmqSIeoOThLS9XnFLIh0omRdu1vQj_Oevu5iU1pnBDk5fHYy2EhPRVYDNdDVrOyjKLgDqfcStZRqSu1G61ebmaCQ9tL-3nDc0IJNvPD3H5InEZTFLFWGg2_R2yDd8BYmt_yhOMcnSrhru-0u7KWn9jljRwbh8SeXVjt6fXDxhhwSmIcuKq6h5vpv9GAcBewXPMp8CBhZ9bHo_mRFlrhyi7izvJaocFWZ6BqFIGZTT0A8mG7RhVOeedmPsqhKrRPwLO7qUsS4aS_bGjg2zmF8aPapFZN6_PtQrqEjULp9oarOnbc4UNPWWXqmfO06ID-X9UX1RqBWaDucyvmNCF704K7DYU2LrsmEWqUnUicS9bmOtTlih6Sw852EDYWHu4zcwc3IYk0GjXJ86Mbs-G-eAMlzX7XDY1R_5rpD65DP4x3THKFgHKUtUaDOPROquI5mF9YKiusXqqDGaeKgo0sA4rftMkaUGvCen2V64Fl2WJNuvs23jvtYnbgLVvYFmrNgCB6bWNBWul5NpZM5GLBnLkCHwLyLu9tkChyOM69XYptTtEhaxJ4-mKOh7y_hmi1kXHIkS6vRyJWHF8HG5co_ZXu3L5Ceh3RyEfEJW8VZKqc3e0YTgkw19FNrxYDEaazzVpx5phkNwi4Nm8RUWl7mrynIf_lF7FlixlbEL4wwwEyFGPKhpr6YcIAmiocPfxOXHZXcWEySJhYTH7DGOLtLaXZ-d8eV5cs4nQ6nbs-800_1rAXIXLRlyXHsYF_iZZ8nB4Lz_83nMGHkFNe4XlKd-X_HI_sQGdphnR0ybdlZejMHUCtlC52Cv8QQn1_5aPEKbBbil_coyvhHBqp0UBY&sai=AMfl-YQey56zZA5gw9VsJX4GTiXUaLrU4TxHvG0wl5eTouB4NjsQBjWlQ3qf-zuKAoxtPgthN2R7RAd-pAaF5JC-LDHxOnjUCDw7f5gCDuqvtnYDdHNbvoj77dkQ5l6sOCgXCn33j7uHQteyTuJohkGSFe0N&sig=Cg0ArKJSzLprb7cERxBQEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211103.18422&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 08 Nov 2021 06:40:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 01B5 41 KB
15 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 06 Nov 2021 16:05:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 06 Nov 2022 16:05:57 GMT

GET
H2 200 95677-21-VC_ENROLLMENT_UMBRELLA_CAMPAIGN_ASSETS_IP_BabysitVSPIP_300x250_FINAL_1_.jpg
s0.2mdn.net/1845484/ Frame 01B5 55 KB
56 KB 35ms
5ms Image
image/jpeg 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1845484/95677-21-VC_ENROLLMENT_UMBRELLA_CAMPAIGN_ASSETS_IP_BabysitVSPIP_300x250_FINAL_1_.jpg

Requested by

Host: 27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com
URL: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ea3f37e13fda1df1751916f440db1d8aa0d279d4ef5a41b42a46d21539c89c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:50:14 GMT
x-content-type-options: nosniff
age: 53411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 03:21:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Nov 2021 15:50:14 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D190 22 KB
8 KB 4ms
3ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sat, 06 Nov 2021 16:05:57 GMT
expires: Sun, 06 Nov 2022 16:05:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 138868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js Show response
pagead2.googlesyndication.com/bg/ Frame D190 35 KB
13 KB 16ms
5ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

sffe /

Resource Hash

945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 21:40:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13523
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 13:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Nov 2022 21:40:16 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 01B5 0
60 B 21ms
20ms Ping
image/gif 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 08 Nov 2021 06:40:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 01B5 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c268e03fd6a8aaf5a11453470f74d475daa143edf40f27cadf9dc9d1485f2268

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8453 0
56 B 19ms
18ms Image
image/gif 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021110201&jk=1957045891025715&bg=!PD-lP3vNAAYH3anuB907ACkAdvg8Wil3TIi9AkQsBUOzqjeMm6Jt9xvPGi_O5JoQ2GN5N9GXFDYqpQIAAADAUgAAAAtoAQeZAtrb2nGdXMR_SBQytD9VhbsKm0VYQ9-Q5iQksn0R-XRFry_SFKCaDSd2ogcHq1ow4-LQ-SuKJAr8CgNqQdVvn5UUklVoJbOTZLt5ah1hHOTaz35D5blnGpIhDP1Yn6H2CvFyK6di5K5T-mCNJmOupFPgMXLAMHkQcYfeLF6nWACPG_x-tVXRS_uqxfKk8Km4bmVulsgXyFOC6mNKvKOZyrsdV4kQ7VZ_W6_LEuRIbiNexJvajgwHe65GIGZvseKixb7j_aQ8cnu0ZFLca51XVg-qeJhRU5CWvsAorPnyOujYVlOlpeg1dHKFRlL2acGfCVadUHe5Tp8SjSFEsip2lJlEqeF0NNWMohJTKSGPEChFJbTaIlQsAvJnSclBsBakX5U3PFsR4T-QI7FHV0-um8jNR2DXJDSypXd65NxBCa1ZrP3BvtswfeG8LyYSGbFmHE1zn5l3m-etEpFA2TuGVUu7jCqBe0JVgDrT9c3KPfMdd7yAAiolDGm9FYH_AnTllXakluUvMDheBdko0fICmz8xU5viLC3u9b8wvjBpHelvOV8zmjsTVidR1Porf7N2ECSuOXCKCT9lLTmzF8zQc1IehoeAeo-SGidLmHIRjY2crAdObD2VguIbdibBFv6gAyt_A38qCZ4hd53_bb4My-h9o52-A0Xu2FfH33wxxHu_Qj6gTDJpxvmqcKJeQUUAC_E8qsnfIOrsFubel7Apb_he8KoeFRo3gqmY-0xTYcOeZDrcYnoL0sOo_Q_Gxrzd7crwbpbu9o6qAsScOX2dIVzg8xewjA6187UZW3PRVkrmM-WTjsTXSHmXGu8XlZ_jo8dn0yBTk42MyVqoaB08_akKmO0eWpIameC4g93qqPTbamSHU_r29pEMHnOAtGAy5RinzNMg-DeILoU1OFqCb961YLxA4nU8lI_FySrAACtZTpHSL1j8FU9EKeriyUQoQrjRy7zHW-jB5fJr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D190 0
56 B 19ms
19ms Image
image/gif 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BN9frWcaIYdatBZGLoPwPnMGNiAQAAAAAOAHgBAI&bg=!OzilOHzNAAYH3anuB907ACkAdvg8WvUMkePciu8xVmdxra3gJpY5X6VpBxEsymVJYjqAarJdNokGTgIAAACCUgAAAA1oAQcKAAigxNB12T2veJkDhzutmFyKvNHoJxSHYHs2HIRCBr1XCsev9v0EUfF4Py1Zj4jppIwYVaf9UUpLxYb-1jSsapJKUJLkHgHuuVBrgvOdB26ufryo30sp1IWEeIjqy3drrIDiZA0PM6i7pvs6JImWAF70imnsZAP0vep2DPocm_rHn9q3ctKNsoCbqg04LmQq6YNkFatvlsj84Ab7TTV79oc4NKnJHa_ieKE5iB4hUmaw6czSH5xFA7AVavrl4vdq1xiyVpvzNXcw22ydavj7Ffu0RTkLZfFOYOBGUzESP4tR7yKzi_NWf1TKFZY6HS5O2vx-A2DdswALUeXLJoQM283eP0SJIwk5fDnUm4Rb64iIouZdOBaezwu5x6zKMHwkupSY4V7RYm3GsaM56EuImVA8S0s7_gFcu1f1hf07nsQng8WZw4jS7_OePUUU9hNKNR7wnN-qGZge8ShXX3TbUFwInDT1dst_1Q9eJPYu-MAmSRhnG6x1MA8YjDuvdq9RMVWp2USvez5ztPVB83qRue_YWA649l9ekjwhhtJXCgo1IPJ0Evm_4D-dzxGvXcJKcYkYEkyOYlQsBXoQ3K0Pc2V21juaJRfGVikP7WfSBcdEZIxBo_8M-sdUJjbYPbntKXn0jFMP1DKJfy5DTYQvCVYf8tvFjhdz11Ywd3ek9ndoUBQBgvVFJ4AcFMtiHrhUR3VPg6DgWKkGaGUofHJnziAMgrYlN3nibwvu9lIruK6BFZvTbnTSSOh2Z0DKzirBb2jXXryum0N3Xdo50WbRZWs8S8TG0m8YmYrNerRSH2hQbdURXu5ZDPJ-MwQ9uE0s9j7pH6mKbrVEzv_tGw2EiqcRn575GurE6xqzphXTRNMe3iSaMA0oa3Ca5v1Ni2INRWCJTYSNMhzxW86-GTGyTV6tcaLBP9AlBxsnU2JM1BJGYN69iDGrh_BQBxzxNu33JdT7kAj5yQIllhfg20JCeP4SQTkZGtvRkiGZwblWlm7HdYWlIij5Z0nncKAWC_X4FUL0Shb6dWZURF0xdl9nc91Lz8Cvf1cjgVEo1OewN0H9kuPeOLVmLBlEKh1OxKpMJqHH52XPlRdGSVad7PZFm44SvhMwaI4Uj1Jy_P4AlcuLFhKv4o0h72aU0H3H0gGA2ozsitG1BHlc1Ep1ltiSdU-shZCjygRqPJDtlLeAlPs0HbD47tEUEqe2YkQkAA7edusM1A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 01B5 42 B
174 B 25ms
24ms Fetch
image/gif 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssW4Ma4TW48cUBCwVg7Xi0RyHZ0NbzuAjE4j2giif4mho-9v06i2V6VcfaWjcNrKopxlWuVOv-MC4bukNy-F2xeiPYMtlZLR1J3OQ&sai=AMfl-YSoIyfLuTR-ghqTZ88XNDR1x38nFmJ3W7ehj1XBJ-Ylj3AGGkpalo0dx1v8sRa570mqAFKie7yvLKdj&sig=Cg0ArKJSzN5zpbimulC4EAE&cid=CAASBORoqNc&id=lidar2&mcvt=1000&p=0,0,254,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211103&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=1993164460&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1636353625049&rpt=194&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Nov 2021 06:40:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
toglooman.com/42	1970-01-20 07:18:09	Name: OAID Value: 628579e94f7149fa825018b89dcd1996
toglooman.com/42	1970-01-20 07:18:09	Name: oaidts Value: 1636353624
omchanseyr.com/	1970-01-20 07:18:09	Name: OAID Value: 1bca4a9c251247e6abde330a94142566
gimpybedderump.com/	1970-01-19 22:34:00	Name: GL_UI4 Value: eJw9jVtOwzAURPMOVUnESFkAS0jBrcgnYhF8Rtf2JTVN7Moxjdg9FhJ8zdE8NEmSZF2L9FblyL%2FoiMdBMUslSL88kyQpB6FF%2FzRIoRUJPp2wM%2BsYSM4cCtxPbNkbNSqnucFDjP6ci3WbLVBKT1Y3KJfYmBvU0rttZd%2FlKCwtjOrt7F3UcqFP55ENx4jGRkx7ZG7t8naH%2Bt1YHXftHtmhb5sqwf46U%2FhwfhmNrlKUkyfNSF9xpyjw5Pw3as3rJbgr4GY9%2Fvd%2Fb%2FPt0KPSfDMqfrtwZv8Da3NLtQ%3D%3D
gimpybedderump.com/	1970-01-19 22:34:00	Name: GL_GI10 Value: eJxNjU9rwkAUxONG00g0ZaAfIF%2FAoKLYnr22XkIOnhZJnrKI%2B5bdZ9v00%2FuPlp5mmOE3E0WResmhjMP4dVXOprPybVnOpwvEB2KousKo4bMV32m7OxHGtTVCbVHJTigg8XQwbKE2W2QPrxtuCYO6mvzL7my6oa9iy%2F6IfmOkyzMMb%2FoAshvw28cmOKQf88WqeJcWQ0uigyO62jV7x%2F56jvwvvS8kMVITtPP83SU9PIs50Q9b0rzfB5KnAXqfiboAuwFGlQ%3D%3D
stfly.me/	1970-01-19 22:32:37	Name: _data_html Value: 2-1
.itsguider.com/	1970-01-20 07:18:09	Name: ezosuigeneris-0 Value: 05ada125c1959e87f1b776c96da0ffc1
toglooman.com/	1970-01-20 07:18:09	Name: scm Value: 1
toglooman.com/	1970-01-20 07:18:09	Name: OAID Value: 628579e94f7149fa825018b89dcd1996
toglooman.com/	1970-01-20 07:18:09	Name: oaidts Value: 1636353624
my.rtmark.net/	1970-01-20 07:18:09	Name: ID Value: 1bca4a9c251247e6abde330a94142566
stfly.me/	1970-01-19 22:32:33	Name: prefetchAd_3381289 Value: true
omchanseyr.com/	1970-01-20 07:18:09	Name: oaidts Value: 1636353624
omchanseyr.com/	1970-01-19 22:42:38	Name: syncedCookie Value: true
.quantserve.com/	1970-01-20 08:02:48	Name: mc Value: 6188c658-52d0d-9e4ef-eb619
dozubatan.com/	1970-01-20 07:18:09	Name: OAID Value: 1bca4a9c251247e6abde330a94142566
.doubleclick.net/	1970-01-20 16:03:45	Name: IDE Value: AHWqTUmAe4xA3MlfMLFGuDyrlw_e-jQmvhKqHP1ZksCDBmFr4HI96Qr19bi1cXMPbqM
.casalemedia.com/	1970-01-20 07:18:09	Name: CMID Value: YYjGWZ4ZgXe2ydbwPJZC3gAA
.casalemedia.com/	1970-01-20 00:42:09	Name: CMPS Value: 3880
.casalemedia.com/	1970-01-20 00:42:09	Name: CMPRO Value: 039
.casalemedia.com/	1970-01-19 22:34:00	Name: CMST Value: YYjGWWGIxlkA
.adnxs.com/	1970-01-20 00:42:09	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU!p08ii!]tbPl1M>e)ZlrFUfJ+tGXxp.Hh6J>?5Xbh[G=`TKCHQC^Apba_KAdZeFE$Q%nugO%v4VB%nm)G)ldr$
.adnxs.com/	1970-01-20 00:42:09	Name: uuid2 Value: 8695858334542208859
.casalemedia.com/	1970-01-20 07:18:09	Name: CMRUM3 Value: 2d6188c6592760CAESEEFQwogC85MOfI6r9KgSiz0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

27f6f28936d67bc1ab6b03410a182a10.safeframe.googlesyndication.com
account.adstripe.net
adservice.google.com
cm.g.doubleclick.net
dozubatan.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gimpybedderump.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
itsguider.com
my.rtmark.net
omchanseyr.com
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
s0.2mdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
stfly.me
toglooman.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.239
142.250.64.66
142.251.40.226
23.41.168.244
2600:9000:21dd:9600:6:44e3:f8c0:93a1
2606:4700:3033::ac43:9993
2606:4700:3036::ac43:859c
2606:4700:e6::ac40:c20d
2607:f8b0:4006:809::2003
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2006
2607:f8b0:4006:80e::2001
2607:f8b0:4006:816::2001
2607:f8b0:4006:816::2004
2607:f8b0:4006:816::200a
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81d::2002
2607:f8b0:4006:824::2002
2620:116:800b:21:f803:c51b:4d23:ce8c
51.254.89.232
68.67.160.117
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
24aa9c37c9e9b6d5823298ea4f6b592b0bf3256d681e2db7bfcc5ded6be48353
30880ac28b4bac5e9ffa9e448960cb7952839d0a7e20c0ea468b2ea1218cfe27
317c0221552dea816dbcd4b36e6fa8719430508e8b9f52ab70160c17d6ce3493
3d0021f21a56e0acfd02b35146e9696db4702fa3f2037313dde045e45286189e
3ea3f37e13fda1df1751916f440db1d8aa0d279d4ef5a41b42a46d21539c89c0
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249
53d91fb2b51a3daa0645f78f71b29e695f42b0ac6db0d29f7fc7e5e38c3ffb7a
56094bd0f62236c479b48ca45d27ef4607b370a642f3cff0b54e5fa370a2cde0
5af46f0f5413fa15f57222cbbdc5a8eedff0c25f94a973ce8bfb54e943f9e1dd
66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf
69a051355ad02c286b388a0013340d02657eb3f463d628f7fc1069c40ab8a7e5
6e89e7f2a7e8a9cc724a5b8701c7c9b1e0f9874689d836b638258054086f1f52
752f02507af278542d857a5638352e274e0f14b1abb4a4a3c134481d78513b84
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
8f55d6aa43628f81ce850978fb21dab269a8d9b926128757cdce84c01b526d8e
945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a889ed53ea224d3134512762ff0cde5c4b0426379110a6592f9d0e337b859e95
ad697a6f35d551e7ba204612d585708366be6650d33920837bda33a64d915efb
af30847cfd1652a498307d555fec1d6fb680fcdafbc143f19a19ef7e42633776
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
bc9ade4397618fceaf2c6a9ab5ad4c0aad58ca3ec83dbf234330f19eed691a6d
c268e03fd6a8aaf5a11453470f74d475daa143edf40f27cadf9dc9d1485f2268
c874d25cf5f26216f7fa389dbddfd0dcadc11ca93cfe8f2c89ac7657177c1d55
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d63dc29b1038331eb8d959fbf9ed7789d055c8db05ee1c3acf14cf6bee399d19
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63
dfa881fc4b288244d63523f288205175996365023f2e835fa7428e654b48609d
e0672dc9d940ef49308c65cabe90b3eef947203e82626873599dc2df035f5e49
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
f8957910f9a887e298f5c082685e139255d095ec819e8b8cc6469b0006ef204b
fbacbd2054ce83616c48a4c6d51f91ce330b0a70ea04eca3599143aa923eb54a
fdf4726321914d65ac988b2a5c33e048421c8369fa40d987321c1a602f798b39

stfly.me Open in urlscan Pro 2606:4700:e6::ac40:c20d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

70 Requests

94 %HTTPS

63 %IPv6

19 Domains

26 Subdomains

25 IPs

2 Countries

804 kBTransfer

2167 kBSize

24 Cookies

0 Outgoing links

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

stfly.me Open in urlscan Pro
2606:4700:e6::ac40:c20d Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

94 %
HTTPS

63 %
IPv6

19
Domains

26
Subdomains

25
IPs

2
Countries

804 kB
Transfer

2167 kB
Size

24
Cookies

70 HTTP transactions
1 data transactions