saml.federation.effem.com Open in urlscan Pro
178.18.246.10 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://saml.federation.effem.com/
Submission: On December 06 via manual (December 6th 2022, 2:55:49 pm UTC) from US — Scanned from DE

Summary HTTP 54 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 54 HTTP transactions. The main IP is 178.18.246.10, located in Munich, Germany and belongs to CONTABO, DE. The main domain is saml.federation.effem.com.
TLS certificate: Issued by R3 on November 22nd 2022. Valid for: 3 months.

This is the only time saml.federation.effem.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30 35	178.18.246.10 178.18.246.10	51167 (CONTABO) (CONTABO)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	88.221.169.143 88.221.169.143	16625 (AKAMAI-AS) (AKAMAI-AS)
2	146.75.116.193 146.75.116.193	54113 (FASTLY) (FASTLY)
54	11

35 178.18.246.10 (Munich, Germany) 30 redirects

ASN51167 (CONTABO, DE)
PTR: vmi613361.contaboserver.net

saml.federation.effem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

f-i-n-d.onlyfuns.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.onlyfuns.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.169.143 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-169-143.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.75.116.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	effem.com 30 redirects saml.federation.effem.com	61 KB
31	onlyfuns.win f-i-n-d.onlyfuns.win go.onlyfuns.win	14 MB
5	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1855 m.addthis.com — Cisco Umbrella Rank: 1805	169 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 876	97 KB
2	imgur.com i.imgur.com — Cisco Umbrella Rank: 5766	134 KB
2	gstatic.com fonts.gstatic.com	74 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 2171	1 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 448	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 242	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 759	30 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 51	1 KB
54	11

	Domain	Requested by
35	saml.federation.effem.com	30 redirects saml.federation.effem.com
30	go.onlyfuns.win	saml.federation.effem.com
3	s7.addthis.com	saml.federation.effem.com s7.addthis.com
3	maxcdn.bootstrapcdn.com	saml.federation.effem.com maxcdn.bootstrapcdn.com
2	i.imgur.com	saml.federation.effem.com
2	m.addthis.com	s7.addthis.com saml.federation.effem.com
2	fonts.gstatic.com	fonts.googleapis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	cdnjs.cloudflare.com	saml.federation.effem.com
1	code.jquery.com	saml.federation.effem.com
1	f-i-n-d.onlyfuns.win	saml.federation.effem.com
1	fonts.googleapis.com	saml.federation.effem.com
54	13

This site contains links to these domains. Also see Links.

Domain
search.onlyfuns.win
www.addthis.com

Subject Issuer	Validity	Valid
in.healthincity.com R3	`2022-11-22` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://saml.federation.effem.com/
Frame ID: 38D145650D0C04D8AAE2F9B48D4D4909
Requests: 53 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 9123A3BA11FC233F64587D49CA7EF0C0
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 0371F2DD7E71C57120F92BE1E6EB525D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

التعارف و الزواج

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddThis (Widgets) Expand

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

54
Requests

33 %
HTTPS

60 %
IPv6

11
Domains

13
Subdomains

11
IPs

3
Countries

14914 kB
Transfer

15595 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://search.onlyfuns.win/ydt?domain=addthis.com
Title: First Date!

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRks5aVpyeldZQUVCNEFxLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FK9iZrzWYAEB4Aq.jpg

Request Chain 6

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kxLndwLmNvbS82Ni5tZWRpYS50dW1ibHIuY29tL2JmODQyNTJmNjA4YTdlZGQ0YmM4MTA5ZGZkNGYyYWYyLzUyZGFmODkyOTBlOGIzOTEtMTAvczEyODB4MTkyMC82MDBjMGM1MGQ0MjMwYmU1NTk1Y2U2YmVhY2JjY2JiYzFmODc4OTgyLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i1.wp.com/66.media.tumblr.com/bf84252f608a7edd4bc8109dfd4f2af2/52daf89290e8b391-10/s1280x1920/600c0c50d4230be5595ce6beacbccbbc1f878982.jpg

Request Chain 7

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRU5DZE5kMlhVQUFybjZZP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbA%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/ENCdNd2XUAArn6Y?format=jpg&name=small

Request Chain 8

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzEuYnAuYmxvZ3Nwb3QuY29tLy1VTTB4WFJXNS1PRS9VejNWay05c2FwSS9BQUFBQUFBQUFwTS9NRkRmZjViamVmMC9zMTYwMC9jYXRhbG9ndWUrZGVzK2JnK21hcm9jYWlucy5qcGc%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-UM0xXRW5-OE/Uz3Vk-9sapI/AAAAAAAAApM/MFDff5bjef0/s1600/catalogue+des+bg+marocains.jpg

Request Chain 9

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRk5QSm5fRVdZQVVvNGVOLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FNPJn_EWYAUo4eN.jpg

Request Chain 10

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzEuYnAuYmxvZ3Nwb3QuY29tLy11dUxzWXhNeWNJMC9YRU9SYTNycDZLSS9BQUFBQUFBQUFRQS8waGVXRXptbE9na09RS1I3MkNnQnIwVVZsX1ExWTI1dWdDTGNCR0FzL3MxNjAwLzQyNTgwODEzXzExODE0MzA2OTE1MDY4Ml8zMjQzNjEwOTAxNjc2Mjk0MTQ0X24uanBn HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-uuLsYxMycI0/XEORa3rp6KI/AAAAAAAAAQA/0heWEzmlOgkOQKR72CgBr0UVl_Q1Y25ugCLcBGAs/s1600/42580813_118143069150682_3243610901676294144_n.jpg

Request Chain 11

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvQ1Zqc2lNRFc0QUFWZHRWP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbA%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/CVjsiMDW4AAVdtV?format=jpg&name=small

Request Chain 12

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltZzExOC5pbWFnZXR3aXN0LmNvbS90aC8zMDc3Ni83MnRlNGNnajhoaDIuanBn HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://img118.imagetwist.com/th/30776/72te4cgj8hh2.jpg

Request Chain 13

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4Lzk1L2ExLzI5Lzk1YTEyOTIwMTc0MDcwNTBmNmIwM2MwNmUyMzViN2ZhLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/95/a1/29/95a1292017407050f6b03c06e235b7fa.jpg

Request Chain 14

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS80NzR4LzQyL2I5LzQ1LzQyYjk0NWIxNjZmNDg2NmI5OGExMzQ5ZGQ4MTNiZjIxLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/474x/42/b9/45/42b945b166f4866b98a1349dd813bf21.jpg

Request Chain 15

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwOi8vMS5icC5ibG9nc3BvdC5jb20vLUZ6LThyZ3FNd0JJL1Q2QmlaREJGUVFJL0FBQUFBQUFBQUNrLzZrYkVhVW5DeVQ4L3MxNjAwL2RpYXBvXzE0OTc2MjMuanBn HTTP 302
https://go.onlyfuns.win/flip-img.php?img=http://1.bp.blogspot.com/-Fz-8rgqMwBI/T6BiZDBFQQI/AAAAAAAAACk/6kbEaUnCyT8/s1600/diapo_1497623.jpg

Request Chain 16

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ZpbGVzLmdvbGlrZS5tZS81L3MvMTM4NTUxMDYuMzAzNDY3OTcyNjE2NTAyMTQuanBn HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://files.golike.me/5/s/13855106.30346797261650214.jpg

Request Chain 17

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzI4L2U1LzA5LzI4ZTUwOTEzYWUyZjYwMTMwOGE1OTMwOGFkZDUxMjkyLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/28/e5/09/28e50913ae2f601308a59308add51292.jpg

Request Chain 18

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy5taXhiYW5hdC5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjAvMDkvJUQ4JUE4JUQ5JTg2JUQ4JUE3JUQ4JUFBLSVEOSU4NSVEOCVCNSVEOCVCMS0lRDglQTglRDklODAtJUQ4JUE3JUQ5JTg0JUQ4JUFEJUQ4JUFDJUQ4JUE3JUQ4JUE4LTItNzY4eDk2MC5qcGc%2Fdj0xNjAwODcyODk3 HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://www.mixbanat.com/wp-content/uploads/2020/09/%D8%A8%D9%86%D8%A7%D8%AA-%D9%85%D8%B5%D8%B1-%D8%A8%D9%80-%D8%A7%D9%84%D8%AD%D8%AC%D8%A7%D8%A8-2-768x960.jpg?v=1600872897

Request Chain 19

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltYWdlLndpbnVkZi5jb20vdjIvaW1hZ2UxL1kyOXRMbkJoY21Ga2FYTXVhMkZzWVcxaGJtbDZZWGRxWDNOamNtVmxibDgxWHpFMU5EazJPRFUwTkRSZk1Ea3gvc2NyZWVuLTUuanBnP2Zha2V1cmw9MSZ0eXBlPS5qcGc%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl81XzE1NDk2ODU0NDRfMDkx/screen-5.jpg?fakeurl=1&type=.jpg

Request Chain 20

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4L2ViL2Y1L2YxL2ViZjVmMTQ2OTBlMjZjODNmOGY1ZmQ3ODc3NDQxNDNhLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/eb/f5/f1/ebf5f14690e26c83f8f5fd787744143a.jpg

Request Chain 21

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzE5Lzg5LzhiLzE5ODk4YjIxNDc3NjFlMTQyM2Q4NWQzYzQ3ZjQ0MzNhLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/19/89/8b/19898b2147761e1423d85d3c47f4433a.jpg

Request Chain 22

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzIuYnAuYmxvZ3Nwb3QuY29tLy1mQnN5Q25aeE5Vcy9WbGI3MlVwbXpUSS9BQUFBQUFBQUNwYy9mZ1ptOXNJNkRtdy93NTMwLWg2MzYtcC9sYXJnZS5qcGc%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://2.bp.blogspot.com/-fBsyCnZxNUs/Vlb72UpmzTI/AAAAAAAACpc/fgZm9sI6Dmw/w530-h636-p/large.jpg

Request Chain 23

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltYWdlLndpbnVkZi5jb20vdjIvaW1hZ2UxL1kyOXRMbkJoY21Ga2FYTXVhMkZzWVcxaGJtbDZZWGRxWDNOamNtVmxibDh3WHpFMU5EazJPRFUwTkRGZk1EQTEvc2NyZWVuLTAuanBnP2Zha2V1cmw9MSZ0eXBlPS5qcGc%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl8wXzE1NDk2ODU0NDFfMDA1/screen-0.jpg?fakeurl=1&type=.jpg

Request Chain 24

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRGFMSHk1aVdBQUkxN29CP2Zvcm1hdD1qcGcmbmFtZT1tZWRpdW0%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/DaLHy5iWAAI17oB?format=jpg&name=medium

Request Chain 25

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy55YXphd2FqLmNvbS9tZW1iZXJzL2ltYWdlcy9ub3JtYWwvMjg2NTUzLnBuZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286553.png

Request Chain 26

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzQuYnAuYmxvZ3Nwb3QuY29tLy1oNmtrWGNSalFZZy9WTDluNDFybENsSS9BQUFBQUFBQVVLYy9JeFlrQ3FBRG43dy9zMTYwMC9BcmFiaUdpcmxzMjAxNS5ibG9nc3BvdC5jb20lMkIoNDIpLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://4.bp.blogspot.com/-h6kkXcRjQYg/VL9n41rlClI/AAAAAAAAUKc/IxYkCqADn7w/s1600/ArabiGirls2015.blogspot.com%2B(42).jpg

Request Chain 27

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzhmLzg4LzRmLzhmODg0ZjBmNzg5MTliOTM2ODhmNjg5MGVkODkyZmVlLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/8f/88/4f/8f884f0f78919b93688f6890ed892fee.jpg

Request Chain 28

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy55YXphd2FqLmNvbS9tZW1iZXJzL2ltYWdlcy9ub3JtYWwvMjg2NTYwLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286560.jpg

Request Chain 29

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvQlVJcmZkVElnQUFkVnhHLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/BUIrfdTIgAAdVxG.jpg

Request Chain 30

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRkpBVWRBRFhvQUluSmJSP2Zvcm1hdD1qcGcmbmFtZT1tZWRpdW0%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FJAUdADXoAInJbR?format=jpg&name=medium

Request Chain 31

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzZjLzk5LzAyLzZjOTkwMjI0YTVjMjA4MTk4MzY5Y2ZjMTJjN2VhYTUwLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/6c/99/02/6c990224a5c208198369cfc12c7eaa50.jpg

Request Chain 32

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9QZHYyMW5NRmNrSEo0WHlNak1tMzlBRXVPMVFFelluaE5FOEJMZEVUUkhTZzhSaXF3NjBjVGZiOEhkSGF0aWJSdEZZPWg4MDA%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=http://lh3.googleusercontent.com/Pdv21nMFckHJ4XyMjMm39AEuO1QEzYnhNE8BLdETRHSg8Riqw60cTfb8HdHatibRtFY=h800

Request Chain 33

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4L2QyLzc0LzQ0L2QyNzQ0NDUzNDhkZjM1YTYzNzVkNjAzNTAxMjMzYWE3LmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/d2/74/44/d274445348df35a6375d603501233aa7.jpg

Request Chain 34

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRTdkOGNncVVjQWNiVkVxLmpwZw%3D%3D HTTP 302
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/E7d8cgqUcAcbVEq.jpg

54 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
saml.federation.effem.com/ 55 KB
11 KB 1306ms
1168ms Document
text/html 178.18.246.10
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.18.246.10 Munich, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi613361.contaboserver.net

Software

nginx /

Resource Hash

89fd8c5bd4056095c19115b6fd3beeace2d6f1e2facedb32792fbbcc6db66883

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 06 Dec 2022 14:55:41 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 83ms
32ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Arimo:400,600,700

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

67ec9fea8b34903a8b9b5c5456445c917852d195bdf7205f2f5d7e85e8617f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Dec 2022 14:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 14:55:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Dec 2022 14:55:41 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/latest/css/ 30 KB
7 KB 85ms
32ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617, 617
age: 27234807
cdn-cachedat: 2021-06-08 14:00:09
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:56 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: bfcbb4a28133a52cdff11100ba633437
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 7755dd2f48cc9235-FRA
cdn-requestpullsuccess: True

GET
H2 200 main.css
saml.federation.effem.com/templates/gallery/assets/styles/ 190 KB
30 KB 28ms
27ms Stylesheet
text/css 178.18.246.10
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://saml.federation.effem.com/templates/gallery/assets/styles/main.css

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.18.246.10 Munich, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi613361.contaboserver.net

Software

nginx /

Resource Hash

90cd268c88d938bfd5d08fc64930c6c6a992e549b7cd7d09f69a7bc424835235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 01 Feb 2018 08:53:40 GMT
server: nginx
etag: W/"5a72d594-2f861"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Wed, 07 Dec 2022 02:55:41 GMT

GET
H2 200 popunder.js Show response
f-i-n-d.onlyfuns.win/js/ 812 B
1005 B 101ms
33ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://f-i-n-d.onlyfuns.win/js/popunder.js
Requested by: Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2ba34d1b1dcbbecb347fbfd6cdc7dc3ce039a10480def8b371fad59fc6e4caa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:41 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 19 May 2021 12:38:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4540
etag: W/"60a506d8-32c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uLJbEH4tJNvrzMY%2BpLXdHu%2BY3%2BfPlKEFX4QSjsGhgYIv2QtQ2fT4UK7V12RXavuItwSyPU7DN0xhKFyt9dddSikE5PHSQIcxNngtclTea6lAMuSXmv%2BS9epGlGY%2FxBuHPNvK9LClB4eMeYb6mstfnQ%2F1CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400, no-transform
cf-ray: 7755dd2f59bb9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 favicon.png
saml.federation.effem.com/templates/gallery/assets/images/ 10 KB
10 KB 44ms
34ms Image
image/png 178.18.246.10
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://saml.federation.effem.com/templates/gallery/assets/images/favicon.png

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.18.246.10 Munich, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi613361.contaboserver.net

Software

nginx /

Resource Hash

32c99b5a26af872920936cf9b1132c17353e9f898fd814b74c935ab985569c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 11 Nov 2022 23:25:13 GMT
server: nginx
etag: "636ed9d9-262f"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9775
expires: Thu, 05 Jan 2023 14:55:42 GMT

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRks5aVpyeldZQUVCNEFxLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FK9iZrzWYAEB4Aq.jpg

325 KB
326 KB

328ms
302ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FK9iZrzWYAEB4Aq.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3699262e016d5fe309f6324bede0e36b6814d99c6e81917f91b954f70f746f09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MKwNbTODyeEstvgyk5l4q6P0raa%2B6B3VBYiq8KlI8nI5JFcxVSS5BpnetXfoUxlG%2B83fokgmkwbztN8wqz9lnQopRkJJE0mC8ClDEIVBqa2mX%2Fm4PrM9vJKxi6zVYVyW74p1sCec6HfFnEjpoY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bca79bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FK9iZrzWYAEB4Aq.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kxLndwLmNvbS82Ni5tZWRpYS50dW1ibHIuY29tL2JmODQyNTJmNjA4YTdlZGQ0YmM4MTA5ZGZkNGYyYWYyLzUyZGFmO...
https://go.onlyfuns.win/flip-img.php?img=https://i1.wp.com/66.media.tumblr.com/bf84252f608a7edd4bc8109dfd4f2af2/52daf89290e8b391-10/s1280x1920/600c0c50d4230be5595ce6beacbccbbc1f878982.jpg

841 KB
842 KB

525ms
499ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i1.wp.com/66.media.tumblr.com/bf84252f608a7edd4bc8109dfd4f2af2/52daf89290e8b391-10/s1280x1920/600c0c50d4230be5595ce6beacbccbbc1f878982.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

393a662cd53b3ddd9dbe547178cc25390d3bd34f916ccac94b21c874896af652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkKs7j9jTt41gSfwP2am485ivqjYQ6g%2B711c0uRJV72TeqtQGfLKJcFnuBaAJwDr7brLYgwX3S%2Fgwjx77lIZmV3sjZzQxbWm2q3ntr06NNUBW3E%2FpQUm4lCOr0%2FBrJq3hj%2BWktJnVBO%2FEOOJOXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bcab9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i1.wp.com/66.media.tumblr.com/bf84252f608a7edd4bc8109dfd4f2af2/52daf89290e8b391-10/s1280x1920/600c0c50d4230be5595ce6beacbccbbc1f878982.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRU5DZE5kMlhVQUFybjZZP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbA%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/ENCdNd2XUAArn6Y?format=jpg&name=small

370 KB
370 KB

931ms
906ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/ENCdNd2XUAArn6Y?format=jpg&name=small

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

216221967554ecc2df28e958327d34d1c00e88e84a0cb51c4891dd2bb2223974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdARQk%2BYt6zX125eBqVXES392JYdhjnN1H7282RZ4S4KKdg3lL3GHDq4avVN5NtamOqJhI83Nz0wR7j27N%2BK1Bd%2Bp5ag30MuLihQcQDTunXZPVTHg7UcDGkkCXZ9AcLPfdct2WobS8lq80lWgW4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bcb39bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/ENCdNd2XUAArn6Y?format=jpg&name=small
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzEuYnAuYmxvZ3Nwb3QuY29tLy1VTTB4WFJXNS1PRS9VejNWay05c2FwSS9BQUFBQUFBQUFwTS9NRkRmZjViamVmMC9zM...
https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-UM0xXRW5-OE/Uz3Vk-9sapI/AAAAAAAAApM/MFDff5bjef0/s1600/catalogue+des+bg+marocains.jpg

0
0

428ms
428ms

Image
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-UM0xXRW5-OE/Uz3Vk-9sapI/AAAAAAAAApM/MFDff5bjef0/s1600/catalogue+des+bg+marocains.jpg
Requested by: Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/
Protocol: H2
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-UM0xXRW5-OE/Uz3Vk-9sapI/AAAAAAAAApM/MFDff5bjef0/s1600/catalogue+des+bg+marocains.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRk5QSm5fRVdZQVVvNGVOLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FNPJn_EWYAUo4eN.jpg

769 KB
770 KB

413ms
387ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FNPJn_EWYAUo4eN.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e01ad03c109118704587a3502fb90ebcb29d6884304ade79e2b96c1e9a89cc58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8LfN4Kvqs3vFNTK3HAQgJ7S6T7sZURWnz6KFnrIo1e6n%2B4G3MGmdRkb6HupnS6wHsGRhlVeDkjZsLkv5U8iOoa9puS5345o3sXhCiG2%2FwGXdXh9UumejH9g9h%2F390ME1VKLhQT%2Bj%2FukpOAu5aKk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bc9c9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FNPJn_EWYAUo4eN.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzEuYnAuYmxvZ3Nwb3QuY29tLy11dUxzWXhNeWNJMC9YRU9SYTNycDZLSS9BQUFBQUFBQUFRQS8waGVXRXptbE9na09RS...
https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-uuLsYxMycI0/XEORa3rp6KI/AAAAAAAAAQA/0heWEzmlOgkOQKR72CgBr0UVl_Q1Y25ugCLcBGAs/s1600/42580813_118143069150682_3243610901676294144_n...

438 KB
439 KB

822ms
822ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-uuLsYxMycI0/XEORa3rp6KI/AAAAAAAAAQA/0heWEzmlOgkOQKR72CgBr0UVl_Q1Y25ugCLcBGAs/s1600/42580813_118143069150682_3243610901676294144_n.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cafd06835bc7b07522b1919d99322dd17f5f65ee62acd9acf3bad151d5f37e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8c9DLdiadS99QfIVONZCm8H1Muay%2FFA0hL%2FuHy4xbvPb%2FLifXamEttcMWzCBU4WPl9DMCpwtclHMF71S9SQIDdgS8MCUb0rcoxO9z6BNNfS9WbpRfikckNKWGUdUgGGxXzlz8vrkeT5ffS1CDkA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd315e1b9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://1.bp.blogspot.com/-uuLsYxMycI0/XEORa3rp6KI/AAAAAAAAAQA/0heWEzmlOgkOQKR72CgBr0UVl_Q1Y25ugCLcBGAs/s1600/42580813_118143069150682_3243610901676294144_n.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvQ1Zqc2lNRFc0QUFWZHRWP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbA%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/CVjsiMDW4AAVdtV?format=jpg&name=small

398 KB
399 KB

583ms
558ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/CVjsiMDW4AAVdtV?format=jpg&name=small

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5869b6f8f1f82bb53b81bf4996f23c3bd37b58efc1f28a917d1c865a2657ce4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EVKS7Rp3pTW8UeOTpJgp%2BmhNXsI4z4MIxoh6oZa7nhKq%2FA%2F3WTgiFGiS6QxpL1cQqN%2BkvTMOIy8aztD9oDPHooFls%2BL%2B8KHUG8d11kaiAu5TeH76TFbdvk7XyoGevwNBJ52RtsF3USXQkYuPYAY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bc9e9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/CVjsiMDW4AAVdtV?format=jpg&name=small
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltZzExOC5pbWFnZXR3aXN0LmNvbS90aC8zMDc3Ni83MnRlNGNnajhoaDIuanBn
https://go.onlyfuns.win/flip-img.php?img=https://img118.imagetwist.com/th/30776/72te4cgj8hh2.jpg

184 KB
184 KB

564ms
563ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://img118.imagetwist.com/th/30776/72te4cgj8hh2.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a0c468b1f6d0fd936c88acf94d55b356ea131498527a32fbb3c7a07491da36a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=drecbxKdnJReVcE4jBuuaaf4eFZQ8Y2qmmApHxUcBR3dt1ypSKY0eIjXvW6RGrAdeXeo6ULMWNEcJb%2BMi99e5%2FvTJAJIxvCjtbGltUX4O3qr7BBux9QJFt49YptPUXIZRfyD6Ki0JVd4WjEyvXE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd315e149bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://img118.imagetwist.com/th/30776/72te4cgj8hh2.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4Lzk1L2ExLzI5Lzk1YTEyOTIwMTc0MDcwNTBmNmIwM2MwNmUyMzViN2ZhLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/95/a1/29/95a1292017407050f6b03c06e235b7fa.jpg

705 KB
706 KB

454ms
454ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/95/a1/29/95a1292017407050f6b03c06e235b7fa.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bd1eb6be5abad3f2aea69a1782253f07363ed185192ffff4266ccf57a02c13d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJhpzOPfyHi7clmFtIwwzCKBgJUXZ2icyA10CChW0j4IekvjxXmR2J6M64B6IDTLFSXNP23e61BP2UH%2FRlN%2Bxm4r0WSeSmNAxESq1iyvWa0N5sBcYnqw9nR1WOrbAQInvQGOBbjQ0rZRkN3QMP4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dbf9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/95/a1/29/95a1292017407050f6b03c06e235b7fa.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS80NzR4LzQyL2I5LzQ1LzQyYjk0NWIxNjZmNDg2NmI5OGExMzQ5ZGQ4MTNiZjIxLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/474x/42/b9/45/42b945b166f4866b98a1349dd813bf21.jpg

226 KB
226 KB

500ms
495ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/474x/42/b9/45/42b945b166f4866b98a1349dd813bf21.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d66b20e317bba94e80f73a0628e1de11c91f5e3448f52477b7686822b3832cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORimHFjNBKgeckvMrqIAd20xyTRuC8Cj3kvYOhjB0BDDHy5z2d3qbzT6q9DD5tyKbZlJnROyMswlSETyanhG%2FLDB%2B%2FnIaPP5PhZsTnKk8Ix%2Fj5h02hr6f0XFwhQLZa1TJb%2BNTbKj4mdwEcBaBQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bca29bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/474x/42/b9/45/42b945b166f4866b98a1349dd813bf21.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwOi8vMS5icC5ibG9nc3BvdC5jb20vLUZ6LThyZ3FNd0JJL1Q2QmlaREJGUVFJL0FBQUFBQUFBQUNrLzZrYkVhVW5DeVQ4L3MxN...
https://go.onlyfuns.win/flip-img.php?img=http://1.bp.blogspot.com/-Fz-8rgqMwBI/T6BiZDBFQQI/AAAAAAAAACk/6kbEaUnCyT8/s1600/diapo_1497623.jpg

565 KB
566 KB

303ms
302ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=http://1.bp.blogspot.com/-Fz-8rgqMwBI/T6BiZDBFQQI/AAAAAAAAACk/6kbEaUnCyT8/s1600/diapo_1497623.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

492030b3ee4235bf59a95b8f078b92f7de98551e48f143101957ac6579d5fdd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9iGm9eZCOn2jBgk0xyYtCzwwHC1qL7HgM73w%2FTuuqMxF7o%2BqF3PaUhZfkVTEROBzEbksxPrRS9pBOSpGJC9fdw4RJ3RqPiW%2BO1LOVi0HNx4SYxp0tqw6nXKtoPtksYUgY8O0JXlngJxzb8K1U0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30fd299bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=http://1.bp.blogspot.com/-Fz-8rgqMwBI/T6BiZDBFQQI/AAAAAAAAACk/6kbEaUnCyT8/s1600/diapo_1497623.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ZpbGVzLmdvbGlrZS5tZS81L3MvMTM4NTUxMDYuMzAzNDY3OTcyNjE2NTAyMTQuanBn
https://go.onlyfuns.win/flip-img.php?img=https://files.golike.me/5/s/13855106.30346797261650214.jpg

0
0

1261ms
1261ms

Image
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.onlyfuns.win/flip-img.php?img=https://files.golike.me/5/s/13855106.30346797261650214.jpg
Requested by: Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/
Protocol: H2
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://files.golike.me/5/s/13855106.30346797261650214.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzI4L2U1LzA5LzI4ZTUwOTEzYWUyZjYwMTMwOGE1OTMwOGFkZDUxMjkyLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/28/e5/09/28e50913ae2f601308a59308add51292.jpg

611 KB
612 KB

246ms
241ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/28/e5/09/28e50913ae2f601308a59308add51292.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44a6b12f0ff056d8346f82edf66b7f05fe2b140e77607f8ee81098a2fb526a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNa4WghrFX1jG8LFbdd9X8paBvM3RrEvujUb1omdudwftf3VfviS9Mg9%2F0kSalP0h2FCMB%2BnEVqKlB4KN9%2BDEsfkq9s7CRA2V20jUPi9%2Bcy4HUKQ3pCiMOzL3eZxpNNBF%2FuoSrfM1ho5cKSx9AA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bcb09bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/28/e5/09/28e50913ae2f601308a59308add51292.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy5taXhiYW5hdC5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjAvMDkvJUQ4JUE4JUQ5JTg2JUQ4JUE3JUQ4JUFBL...
https://go.onlyfuns.win/flip-img.php?img=https://www.mixbanat.com/wp-content/uploads/2020/09/%D8%A8%D9%86%D8%A7%D8%AA-%D9%85%D8%B5%D8%B1-%D8%A8%D9%80-%D8%A7%D9%84%D8%AD%D8%AC%D8%A7%D8%A8-2-768x960....

603 KB
604 KB

841ms
840ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://www.mixbanat.com/wp-content/uploads/2020/09/%D8%A8%D9%86%D8%A7%D8%AA-%D9%85%D8%B5%D8%B1-%D8%A8%D9%80-%D8%A7%D9%84%D8%AD%D8%AC%D8%A7%D8%A8-2-768x960.jpg?v=1600872897

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2410328e7594d80cf13346f7b1bea5946ed4300709b289df8066a617e65423dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFnFbdIwEZFkN8wJ7L3HCOHyVeWw9nY0CAfUxREwN3g80LRxRCVPv5IdwYtCXNAsCrJwG5vYuux065%2F0JIbysVSEQLWn2dMCBs8nEAbVmwhnGwvJVLL9vVRydjsJ2wOjC1UFCsnKxiY5%2FHFQLLc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313db29bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://www.mixbanat.com/wp-content/uploads/2020/09/%D8%A8%D9%86%D8%A7%D8%AA-%D9%85%D8%B5%D8%B1-%D8%A8%D9%80-%D8%A7%D9%84%D8%AD%D8%AC%D8%A7%D8%A8-2-768x960.jpg?v=1600872897
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltYWdlLndpbnVkZi5jb20vdjIvaW1hZ2UxL1kyOXRMbkJoY21Ga2FYTXVhMkZzWVcxaGJtbDZZWGRxWDNOamNtVmxib...
https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl81XzE1NDk2ODU0NDRfMDkx/screen-5.jpg?fakeurl=1&type=.jpg

852 KB
854 KB

622ms
618ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl81XzE1NDk2ODU0NDRfMDkx/screen-5.jpg?fakeurl=1&type=.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5051cbcadd58145bc4ef0b6b14a7339585fa13574cea91e33452aca31e229ce3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRtc5tcImy3cAg5UVDHIOzFtJ9oZo0JSCAyM2Qh1ekla4lJp3c8HsCZXJ2lRhc9dSlz%2BWWOmbCozKfRYCEiq%2FlZ8Ew5QcnsTna5jyb63P8%2B3ZBrLuG2xHjkclzd4kkVTGQRn1PMTzkVf6Mwuufk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd30bcad9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl81XzE1NDk2ODU0NDRfMDkx/screen-5.jpg?fakeurl=1&type=.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4L2ViL2Y1L2YxL2ViZjVmMTQ2OTBlMjZjODNmOGY1ZmQ3ODc3NDQxNDNhLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/eb/f5/f1/ebf5f14690e26c83f8f5fd787744143a.jpg

311 KB
312 KB

516ms
515ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/eb/f5/f1/ebf5f14690e26c83f8f5fd787744143a.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

449756982e96f6bc732f93fb6169c327085a8f6cd2cf2b1e03a756faf9a02e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTdhbDMgxmpcpiCJdaWGyoDUeDOE9qx6bIcrzmlVc9kAPWZwpKSRBkR4Eb8Bf4CBvm%2FxUVY%2B5kzqamZjsB14kapdNv1RwTQNxfkOrueSlN8is%2FfRDe8GMRIyc7660lxkhd3GJ7LUUYRSdsxcUd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dc29bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/eb/f5/f1/ebf5f14690e26c83f8f5fd787744143a.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzE5Lzg5LzhiLzE5ODk4YjIxNDc3NjFlMTQyM2Q4NWQzYzQ3ZjQ0MzNhLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/19/89/8b/19898b2147761e1423d85d3c47f4433a.jpg

381 KB
381 KB

606ms
606ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/19/89/8b/19898b2147761e1423d85d3c47f4433a.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ac8e70cf9ad49d05f17ad236ae22ada3ac9740c9833a5f06d9b11ba7f73dc78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpyEWkrMzsE4VWAezZ8KzQi0tj8Kxe9O9eSEyfCK58dCEmIzOxnyx0F7OzHRxLgHIvJSphJ%2BTTrIgdAnJMt20UPXwLh9TFSeqpDwXGYnqtyl5jspLhOw0CK4shFD7%2FTXTa45VlrB2Othf32p7TM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd314dfe9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/19/89/8b/19898b2147761e1423d85d3c47f4433a.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzIuYnAuYmxvZ3Nwb3QuY29tLy1mQnN5Q25aeE5Vcy9WbGI3MlVwbXpUSS9BQUFBQUFBQUNwYy9mZ1ptOXNJNkRtdy93N...
https://go.onlyfuns.win/flip-img.php?img=https://2.bp.blogspot.com/-fBsyCnZxNUs/Vlb72UpmzTI/AAAAAAAACpc/fgZm9sI6Dmw/w530-h636-p/large.jpg

403 KB
404 KB

414ms
414ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://2.bp.blogspot.com/-fBsyCnZxNUs/Vlb72UpmzTI/AAAAAAAACpc/fgZm9sI6Dmw/w530-h636-p/large.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ee3a3092e71b0e5500fe6695897178542758edc24e66f91ac30b5fd9cf70ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBRp72P%2FAzcMlhe%2FRGHHPz3Z9tauT2eW%2BSfjc2yJtrqbzexJu9syTYuZjkK1%2B7YYoMlEa0khAP51SO%2BBesgaHzrEI1tC600WqKW8pw9PPZypNjhKiKECbJRsBtGFUi1GeB1m%2FnufVlSobOGs3e4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd315e169bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://2.bp.blogspot.com/-fBsyCnZxNUs/Vlb72UpmzTI/AAAAAAAACpc/fgZm9sI6Dmw/w530-h636-p/large.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2ltYWdlLndpbnVkZi5jb20vdjIvaW1hZ2UxL1kyOXRMbkJoY21Ga2FYTXVhMkZzWVcxaGJtbDZZWGRxWDNOamNtVmxib...
https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl8wXzE1NDk2ODU0NDFfMDA1/screen-0.jpg?fakeurl=1&type=.jpg

523 KB
524 KB

467ms
466ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl8wXzE1NDk2ODU0NDFfMDA1/screen-0.jpg?fakeurl=1&type=.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a95ae39279c489ec013a09ea381ad240085d9a9aabb1a7cb1e7a14c9500e07ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z53cwImi5Ju9FC8pKUdieoanHm5C5DysHldaomBlvKwfyrY%2BIDzt1Lk0f9NAftEIk0Cv1oahwz0%2FJT5QM1wbpA85GrSkTZbftwJ2mRZxDZHM%2BbCnSn5AmXzjz0llQJjlWlVIOkmcuziACgey8Uk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313db89bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://image.winudf.com/v2/image1/Y29tLnBhcmFkaXMua2FsYW1hbml6YXdqX3NjcmVlbl8wXzE1NDk2ODU0NDFfMDA1/screen-0.jpg?fakeurl=1&type=.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRGFMSHk1aVdBQUkxN29CP2Zvcm1hdD1qcGcmbmFtZT1tZWRpdW0%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/DaLHy5iWAAI17oB?format=jpg&name=medium

870 KB
872 KB

589ms
588ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/DaLHy5iWAAI17oB?format=jpg&name=medium

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30a1c3e8074449ce97c25b80d841caf7e790c3bd2a5faa570dd297e3d1a8e630

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNYuAvw96K1bscerlVZNd9wFvQN4UTjDF8BX75tG0CgbfkOip3zmd%2FSFhS%2F5IrjSSXQZNp8aSohd%2F3mRX31RKVNULrpcPLzgH8Bd7EJnU4drOrkpSaPPLhtZXMG6WJpul1Nn8rIHj4hzoc%2FtAEk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd315e109bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/DaLHy5iWAAI17oB?format=jpg&name=medium
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy55YXphd2FqLmNvbS9tZW1iZXJzL2ltYWdlcy9ub3JtYWwvMjg2NTUzLnBuZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286553.png

281 KB
282 KB

3141ms
3140ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286553.png

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98ccaf73584ac1cb8d4c85da05c16bf809a051abd8ee6810e7091f95ba055de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:45 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3foo4PaEbg1Qsg%2BrPi7uzfF%2BAZFMH90j7c1BhIgTjRpp4a4TVV8KHmHhhe8DRtL9xspza%2BSdMctN%2FfI87IgD6XlDxRZXX6IJw9wb%2Bayqitk4dHoyXevjWLAoYCgeJkrFtNOODblGHnVMpky%2F47A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd314dfb9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286553.png
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovLzQuYnAuYmxvZ3Nwb3QuY29tLy1oNmtrWGNSalFZZy9WTDluNDFybENsSS9BQUFBQUFBQVVLYy9JeFlrQ3FBRG43dy9zM...
https://go.onlyfuns.win/flip-img.php?img=https://4.bp.blogspot.com/-h6kkXcRjQYg/VL9n41rlClI/AAAAAAAAUKc/IxYkCqADn7w/s1600/ArabiGirls2015.blogspot.com%2B(42).jpg

529 KB
530 KB

648ms
647ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://4.bp.blogspot.com/-h6kkXcRjQYg/VL9n41rlClI/AAAAAAAAUKc/IxYkCqADn7w/s1600/ArabiGirls2015.blogspot.com%2B(42).jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ae6545f7e724a83d3ae63b848d4afa370b9b8bc1ed299f1dcb56e2057303957

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YhYGDlbxBAE6yinBkYdVvNOdio%2B0bpXeTp5xfXXuf2O7ZPDNWsZE22k1sOKLmINI12OJmTi%2BTktRBy4t2kAiRgHyy2VcQwNhJMVZ85MKcazTiWXb%2BQqa%2BOW9d%2FWvxoj309uEUWSRolgs9j91dls%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd315e119bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://4.bp.blogspot.com/-h6kkXcRjQYg/VL9n41rlClI/AAAAAAAAUKc/IxYkCqADn7w/s1600/ArabiGirls2015.blogspot.com%2B(42).jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzhmLzg4LzRmLzhmODg0ZjBmNzg5MTliOTM2ODhmNjg5MGVkODkyZmVlLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/8f/88/4f/8f884f0f78919b93688f6890ed892fee.jpg

702 KB
703 KB

816ms
816ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/8f/88/4f/8f884f0f78919b93688f6890ed892fee.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9df82005a5fd92c03ac9692449322698acc225580078475e39053f81027d5d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfsYratFbGfmXd8lghz%2BJvdSmJdr6pT5jUAhwHovXs5kUaK8FztFVjXuH%2Bb7NrceasBY71s4FDX3GtPudmJxqyIFM%2Fp5ak8cGW6WBvuFYsqofcrEcnYMHnrmFeMz%2FScmc5oDbEKq9LZX8xrRd%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd314dff9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/8f/88/4f/8f884f0f78919b93688f6890ed892fee.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3d3dy55YXphd2FqLmNvbS9tZW1iZXJzL2ltYWdlcy9ub3JtYWwvMjg2NTYwLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286560.jpg

423 KB
424 KB

2405ms
2404ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286560.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0a1fb133ca8deecf9ad1e74dbda1fbe38ac52efaf4890d254b5d664c089a146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:44 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5LTtI%2BJKIHXthWzAx34MW7qoriF7unKVQp1IXtKHXufUdQ6o4gfchXDyppFATatiKBRUIj0pkqXZKsdUqkWFZ0%2BU49580QqmvBrVqR1FlSkyvHE3xyIquQzqRzv5z0SBXQRUW3JPCBIp3rCvIY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dbc9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://www.yazawaj.com/members/images/normal/286560.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvQlVJcmZkVElnQUFkVnhHLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/BUIrfdTIgAAdVxG.jpg

419 KB
420 KB

929ms
929ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/BUIrfdTIgAAdVxG.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e122f1cadfe387c53e2c35aa4a46d4560903557949e59c5683533afe27da18e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77zmf2zwBLz56hSMrx7uPOEJzH%2BdX2Okmv7KKZ7iVCmZvOsA1bDzvpVpWrj6K508fGtlEqmWZPfgF2q2xTcHv9j0w6toD2FShibXw002um0WqyC8StvMiTOgCAhD6hRcRostVpdzCoykTqbdfFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd316e3e9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/BUIrfdTIgAAdVxG.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRkpBVWRBRFhvQUluSmJSP2Zvcm1hdD1qcGcmbmFtZT1tZWRpdW0%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FJAUdADXoAInJbR?format=jpg&name=medium

656 KB
657 KB

1020ms
1019ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FJAUdADXoAInJbR?format=jpg&name=medium

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7c9429388913931bce44879bf1432adf1ccf3e6902fb373d6dfdd8e6128d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2y6y2HEelAmU16qNiHKczBUqn29wB7lc6MO8eX2wm7Ujcd8HsbrVf%2FLL4a0vDAn2lIIFQgHw0QAa%2BQaDhegavRpEPfbNRysT%2F43wfyGoef7EXTeXrznOoHa5UXtkv82STzeNtske9Ken6B4ycM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dc99bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/FJAUdADXoAInJbR?format=jpg&name=medium
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4LzZjLzk5LzAyLzZjOTkwMjI0YTVjMjA4MTk4MzY5Y2ZjMTJjN2VhYTUwLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/6c/99/02/6c990224a5c208198369cfc12c7eaa50.jpg

321 KB
322 KB

580ms
579ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/6c/99/02/6c990224a5c208198369cfc12c7eaa50.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22a3faa780fef070ded4594178482b4d96fb12e72e1fe5462aafa0aa8e0012b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=icSB4ZH3caPjHHNb50OqTc5gPB%2FjD%2Fjgsr3L39rYCrTrXSseXHy%2Fz0smLEvJv52rBf1c4WFVvCdSQ3%2FaFn0B%2BPDPW5Q%2FRYcbkx2sSZM8Z7zuLAVJVmoSpbxuBlLXHQcujSDVvaA%2Bg%2FdnqrHJb04%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd312daf9bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/6c/99/02/6c990224a5c208198369cfc12c7eaa50.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9QZHYyMW5NRmNrSEo0WHlNak1tMzlBRXVPMVFFelluaE5FOEJMZEVUUkhTZ...
https://go.onlyfuns.win/flip-img.php?img=http://lh3.googleusercontent.com/Pdv21nMFckHJ4XyMjMm39AEuO1QEzYnhNE8BLdETRHSg8Riqw60cTfb8HdHatibRtFY=h800

378 KB
378 KB

914ms
914ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=http://lh3.googleusercontent.com/Pdv21nMFckHJ4XyMjMm39AEuO1QEzYnhNE8BLdETRHSg8Riqw60cTfb8HdHatibRtFY=h800

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2438253fa29da7463be64dd1a30c70661b9f28306ee3d4f3a6848166204fb04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEINlf0PlqYGD0En%2FYa8p%2F6UCQg7ENmuAgTM5bl3wA8L7fsN4e0YJtbQ%2B3RIq9MwIFYWls5yl%2FEltPuiV5ela1X7rcynStLtZYm%2BFHmXevHhwHUE6dcz4nept8tI5FKS0Gt0T3mDhGt7ps3qCUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dc89bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=http://lh3.googleusercontent.com/Pdv21nMFckHJ4XyMjMm39AEuO1QEzYnhNE8BLdETRHSg8Riqw60cTfb8HdHatibRtFY=h800
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL2kucGluaW1nLmNvbS83MzZ4L2QyLzc0LzQ0L2QyNzQ0NDUzNDhkZjM1YTYzNzVkNjAzNTAxMjMzYWE3LmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/d2/74/44/d274445348df35a6375d603501233aa7.jpg

758 KB
760 KB

1006ms
1005ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/d2/74/44/d274445348df35a6375d603501233aa7.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

323e261328274dd53d617a93702e1561f82a9e69ff33dd30717cc3d78b96b9d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKND3qWdKzgzYEGQ3Li4DaQ7yn%2BYWZo8yvOwJNydYPZHKtoGgbBj30GTTTFr21zXLFzS6NrQRNv3yYIHazLBVKH9p1vAQLCA64GtwGn5y8A8ruuSi3AkjI8QF0r7wtmMdTJl7tPdhRlQZgrG9fg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd313dc39bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://i.pinimg.com/736x/d2/74/44/d274445348df35a6375d603501233aa7.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2

200

flip-img.php
go.onlyfuns.win/
Redirect Chain

https://saml.federation.effem.com/image/aHR0cHM6Ly9nby5vbmx5ZnVucy53aW4vZmxpcC1pbWcucGhwP2ltZz1odHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRTdkOGNncVVjQWNiVkVxLmpwZw%3D%3D
https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/E7d8cgqUcAcbVEq.jpg

475 KB
475 KB

1060ms
1060ms

Image
image/jpeg

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/E7d8cgqUcAcbVEq.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2e2ffba8a4f31186085831eb4e8ea9dcb50bbaf85a086a1ff05a8db6f8b503c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:43 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDx35kztw1pGKjLK333%2FdBTR7LoueKIteitMiaQJ2UZo%2Fu%2BK9rCa%2BYW1vXZwlIzpG4ft%2BEK4AzoqGE7Palp4zw%2FsB0QWK%2B90wBCSpOY%2BbBMA8NbOsgrUhxWd%2B91K2rLTIUNk0AYrZE9VTWx0D5w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 7755dd314e019bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://go.onlyfuns.win/flip-img.php?img=https://pbs.twimg.com/media/E7d8cgqUcAcbVEq.jpg
date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
server: nginx
content-type: text/html; charset=UTF-8

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 1910ms
1323ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
server: nginx
etag: W/"62f659d6-15283"
vary: Accept-Encoding
x-hw: 1670338542.dop007.fr8.t,1670338542.cds158.fr8.hn,1670338542.cds133.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 72ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 423267
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MaOpe6TU1VPAJjHnAYP4UM83yFqrxTOuIgL5Cw1IBYwB0F246dNq7xraUQ%2FobGw1O4bQ4wP%2FIUYAwTGeDRI5wkO2df0L4bPuyutRM3qe12QWWq7jLsyjDI%2FqOhlBdjyRBWPwkULNl5XECgbMdH4dvGpI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7755dd2fdbd69a0f-FRA
expires: Sun, 26 Nov 2023 14:55:42 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
13 KB 40ms
30ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617, 617, 617
age: 27234807
cdn-cachedat: 2021-06-08 14:29:21
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 395e10f82368220a7b7579d8f1c28956
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 7755dd2fa96c9235-FRA
cdn-requestpullsuccess: True

GET
H2 200 main.js Show response
saml.federation.effem.com/templates/gallery/assets/scripts/ 1 KB
721 B 38ms
28ms Script
application/javascript 178.18.246.10
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://saml.federation.effem.com/templates/gallery/assets/scripts/main.js

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.18.246.10 Munich, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi613361.contaboserver.net

Software

nginx /

Resource Hash

607a1442a5c713374b5f4115bd99f96cda9159b0f6583348e40da9c652c1038d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 01 Feb 2018 08:53:40 GMT
server: nginx
etag: W/"5a72d594-445"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Wed, 07 Dec 2022 02:55:42 GMT

GET
H2 200 lazysizes.min.js Show response
saml.federation.effem.com/templates/gallery/assets/scripts/ 7 KB
4 KB 38ms
28ms Script
application/javascript 178.18.246.10
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://saml.federation.effem.com/templates/gallery/assets/scripts/lazysizes.min.js

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.18.246.10 Munich, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi613361.contaboserver.net

Software

nginx /

Resource Hash

5ac4b10695e881023cd2af22d16152ef046ea3b1916c2cc8c5e39e6995a92978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 25 Sep 2019 12:03:50 GMT
server: nginx
etag: W/"5d8b57a6-1bbd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Wed, 07 Dec 2022 02:55:42 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 158ms
54ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Tue, 06 Dec 2022 14:55:42 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 P5sMzZCDf9_T_10ZxCE.woff2
fonts.gstatic.com/s/arimo/v27/ 18 KB
18 KB 77ms
21ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v27/P5sMzZCDf9_T_10ZxCE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff84f1e03eb15dedc4668f0817372b734934076bc936e12c5c0bd3944dab0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://saml.federation.effem.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 16:55:22 GMT
x-content-type-options: nosniff
age: 511220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18260
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:03:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:55:22 GMT

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/latest/fonts/ 75 KB
76 KB 159ms
134ms Font
application/font-woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/latest/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css
Origin: https://saml.federation.effem.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 874
cdn-cachedat: 11/18/2022 06:18:34
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:56 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 91c36fcaa85ef426004efb0690454733
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7755dd2feb5a9960-FRA
cdn-requestpullsuccess: True

GET
H2 200 P5sMzZCDf9_T_10XxCF8jA.woff2
fonts.gstatic.com/s/arimo/v27/ 55 KB
55 KB 67ms
26ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v27/P5sMzZCDf9_T_10XxCF8jA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68d95266c261523aca89fa7ce2f796e14283366d8aa6f175e579e70b4edd06a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://saml.federation.effem.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 07:43:27 GMT
x-content-type-options: nosniff
age: 112335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56608
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:13:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 07:43:27 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 78ms
20ms Script
application/x-javascript 88.221.169.143
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.169.143 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-169-143.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:44 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: B402EDC6F7271ED7
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=20463
accept-ranges: bytes
content-length: 948
x-amz-id-2: 3ZiQcYtRTuh4WJ4BUq+mWoVqgQk4EdHwIkUrSZre2GxPFo/4IUZsv5aBqLknQUvSl0wjR3iM+HQ=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-606a46762a1f240a/ 5 KB
1 KB 167ms
30ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-606a46762a1f240a/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d40f651b2eabd5dd23588dbeb8b98d1ff5d5088622b01bb96c3fce8c49d1d2f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:44 GMT
content-encoding: gzip
etag: 1387716622--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=31, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 1274

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 212ms
187ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=638f57ef8533115f&bkl=0&bl=1&pdt=1315&sid=638f57ef8533115f&pub=ra-606a46762a1f240a&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=saml.federation.effem.com&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=%D8%A7%D9%84%D8%AA%D8%B9%D8%A7%D8%B1%D9%81%20%D9%88%20%D8%A7%D9%84%D8%B2%D9%88%D8%A7%D8%AC&colc=1670338543980&jsl=1&uvs=638f57ef53e79dd6000&skipb=1&callback=addthis.cbs.jsonp__60360734077118370
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c714301aa5ac70c82754eacb49cd020e28bcc6986300db25ef340a0b3e24aad8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Dec 2022 14:55:44 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 9123 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 0371 71 KB
26 KB 40ms
40ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://saml.federation.effem.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Tue, 06 Dec 2022 14:55:44 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 custom-messages.5799ddf75a30812a3d49.js Show response
s7.addthis.com/static/ 114 KB
28 KB 24ms
24ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/custom-messages.5799ddf75a30812a3d49.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6e91e73fa61993cea2208718d670f5ed1161039b2c7c9fe38e21cdbd5d5ab181

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Tue, 06 Dec 2022 14:55:44 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-1c9fc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 28560

GET
H2 200 qVr8sFA.jpg
i.imgur.com/ 67 KB
67 KB 79ms
22ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qVr8sFA.jpg

Requested by

Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d157a7d85b4b3e7d123216cb6a9edb6e60c0f7e6510ebfe476c964fb13b09d90

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:44 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 1898456
x-cache: HIT, HIT
content-length: 68358
x-served-by: cache-iad-kjyo7100047-IAD, cache-fra-eddf8230093-FRA
last-modified: Mon, 05 Apr 2021 00:21:26 GMT
server: cat factory 1.0
x-timer: S1670338544.272678,VS0,VE0
etag: "29fc929771b93a16b4a29b8f526b8322"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 7260, 3

GET
H2 204 300vi.png
m.addthis.com/live/red_lojson/ 0
110 B 232ms
232ms Image
text/plain 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.addthis.com/live/red_lojson/300vi.png?cad=cvlbx%3Dgy01&positions=gy01%3Dcenter&goals=gy01%3Dprompt&first=1&rv=0&uvs=638f57ef53e79dd6&pub=ra-606a46762a1f240a&dp=saml.federation.effem.com&rev=v8.28.8-wp
Requested by: Host: saml.federation.effem.com
URL: https://saml.federation.effem.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Dec 2022 14:55:44 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 06 Dec 2022 14:55:44 GMT

GET
H2 200 qVr8sFA.jpg
i.imgur.com/ 67 KB
67 KB 23ms
22ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qVr8sFA.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d157a7d85b4b3e7d123216cb6a9edb6e60c0f7e6510ebfe476c964fb13b09d90

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://saml.federation.effem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 14:55:47 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 1898459
x-cache: HIT, HIT
content-length: 68358
x-served-by: cache-iad-kjyo7100047-IAD, cache-fra-eddf8230093-FRA
last-modified: Mon, 05 Apr 2021 00:21:26 GMT
server: cat factory 1.0
x-timer: S1670338547.220107,VS0,VE0
etag: "29fc929771b93a16b4a29b8f526b8322"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 7260, 4

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
saml.federation.effem.com/	1970-01-20 17:29:12	Name: __atuvc Value: 1%7C49
saml.federation.effem.com/	1970-01-20 07:59:00	Name: __atuvs Value: 638f57ef53e79dd6000
.addthis.com/	1970-01-20 17:29:12	Name: uvc Value: 1%7C49
.addthis.com/	1970-01-20 17:29:12	Name: loc Value: MDAwMDBFVURFSEUyMzA4MTg5MzAwMzAwMDBDSA==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
f-i-n-d.onlyfuns.win
fonts.googleapis.com
fonts.gstatic.com
go.onlyfuns.win
i.imgur.com
m.addthis.com
maxcdn.bootstrapcdn.com
s7.addthis.com
saml.federation.effem.com
v1.addthisedge.com
z.moatads.com
s7.addthis.com
104.75.88.126
146.75.116.193
178.18.246.10
2001:4de0:ac18::1:a:1b
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:803::200a
2a00:1450:4001:80b::2003
2a06:98c1:3120::3
88.221.169.143
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0ee3a3092e71b0e5500fe6695897178542758edc24e66f91ac30b5fd9cf70ace
1bd1eb6be5abad3f2aea69a1782253f07363ed185192ffff4266ccf57a02c13d
1cafd06835bc7b07522b1919d99322dd17f5f65ee62acd9acf3bad151d5f37e8
1ff84f1e03eb15dedc4668f0817372b734934076bc936e12c5c0bd3944dab0c0
216221967554ecc2df28e958327d34d1c00e88e84a0cb51c4891dd2bb2223974
22a3faa780fef070ded4594178482b4d96fb12e72e1fe5462aafa0aa8e0012b5
2410328e7594d80cf13346f7b1bea5946ed4300709b289df8066a617e65423dd
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
30a1c3e8074449ce97c25b80d841caf7e790c3bd2a5faa570dd297e3d1a8e630
323e261328274dd53d617a93702e1561f82a9e69ff33dd30717cc3d78b96b9d8
32c99b5a26af872920936cf9b1132c17353e9f898fd814b74c935ab985569c32
3699262e016d5fe309f6324bede0e36b6814d99c6e81917f91b954f70f746f09
393a662cd53b3ddd9dbe547178cc25390d3bd34f916ccac94b21c874896af652
449756982e96f6bc732f93fb6169c327085a8f6cd2cf2b1e03a756faf9a02e60
44a6b12f0ff056d8346f82edf66b7f05fe2b140e77607f8ee81098a2fb526a0b
492030b3ee4235bf59a95b8f078b92f7de98551e48f143101957ac6579d5fdd4
5051cbcadd58145bc4ef0b6b14a7339585fa13574cea91e33452aca31e229ce3
5869b6f8f1f82bb53b81bf4996f23c3bd37b58efc1f28a917d1c865a2657ce4d
5ac4b10695e881023cd2af22d16152ef046ea3b1916c2cc8c5e39e6995a92978
5c7c9429388913931bce44879bf1432adf1ccf3e6902fb373d6dfdd8e6128d91
607a1442a5c713374b5f4115bd99f96cda9159b0f6583348e40da9c652c1038d
67ec9fea8b34903a8b9b5c5456445c917852d195bdf7205f2f5d7e85e8617f44
68d95266c261523aca89fa7ce2f796e14283366d8aa6f175e579e70b4edd06a3
6ae6545f7e724a83d3ae63b848d4afa370b9b8bc1ed299f1dcb56e2057303957
6e91e73fa61993cea2208718d670f5ed1161039b2c7c9fe38e21cdbd5d5ab181
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
89fd8c5bd4056095c19115b6fd3beeace2d6f1e2facedb32792fbbcc6db66883
8a0c468b1f6d0fd936c88acf94d55b356ea131498527a32fbb3c7a07491da36a
8ac8e70cf9ad49d05f17ad236ae22ada3ac9740c9833a5f06d9b11ba7f73dc78
90cd268c88d938bfd5d08fc64930c6c6a992e549b7cd7d09f69a7bc424835235
98ccaf73584ac1cb8d4c85da05c16bf809a051abd8ee6810e7091f95ba055de8
9df82005a5fd92c03ac9692449322698acc225580078475e39053f81027d5d8f
a2438253fa29da7463be64dd1a30c70661b9f28306ee3d4f3a6848166204fb04
a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a95ae39279c489ec013a09ea381ad240085d9a9aabb1a7cb1e7a14c9500e07ab
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
c714301aa5ac70c82754eacb49cd020e28bcc6986300db25ef340a0b3e24aad8
d157a7d85b4b3e7d123216cb6a9edb6e60c0f7e6510ebfe476c964fb13b09d90
d2e2ffba8a4f31186085831eb4e8ea9dcb50bbaf85a086a1ff05a8db6f8b503c
d40f651b2eabd5dd23588dbeb8b98d1ff5d5088622b01bb96c3fce8c49d1d2f7
d66b20e317bba94e80f73a0628e1de11c91f5e3448f52477b7686822b3832cd1
e01ad03c109118704587a3502fb90ebcb29d6884304ade79e2b96c1e9a89cc58
e0a1fb133ca8deecf9ad1e74dbda1fbe38ac52efaf4890d254b5d664c089a146
e122f1cadfe387c53e2c35aa4a46d4560903557949e59c5683533afe27da18e8
e2ba34d1b1dcbbecb347fbfd6cdc7dc3ce039a10480def8b371fad59fc6e4caa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

saml.federation.effem.com Open in urlscan Pro 178.18.246.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

54 Requests

33 %HTTPS

60 %IPv6

11 Domains

13 Subdomains

11 IPs

3 Countries

14914 kBTransfer

15595 kBSize

4 Cookies

2 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

saml.federation.effem.com Open in urlscan Pro
178.18.246.10 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

33 %
HTTPS

60 %
IPv6

11
Domains

13
Subdomains

11
IPs

3
Countries

14914 kB
Transfer

15595 kB
Size

4
Cookies

54 HTTP transactions
1 data transactions