stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6609 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/sNLiLjg
Submission: On November 29 via manual (November 29th 2021, 3:48:56 pm UTC) from GB — Scanned from GB

Summary HTTP 73 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 19 domains to perform 73 HTTP transactions. The main IP is 2606:4700:e0::ac40:6609, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700:e0:... 2606:4700:e0::ac40:6609	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3037::6815:309a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	172.255.6.16 172.255.6.16	7979 (SERVERS-COM) (SERVERS-COM)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
3	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
5	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2606:4700:303... 2606:4700:3033::ac43:b4cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 7	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3036::ac43:859c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.195.254 139.45.195.254	9002 (RETN-AS) (RETN-AS)
1	178.162.156.33 178.162.156.33	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:9e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
73	22

9 2606:4700:e0::ac40:6609 (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::6815:309a (United States)

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.255.6.16 (Netherlands)

ASN7979 (SERVERS-COM, US)

sanggilregard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:b4cb (United States)

ASN13335 (CLOUDFLARENET, US)

tagcachestaticx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3036::ac43:859c (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.254 (United Kingdom)

ASN9002 (RETN-AS, GB)

tagcachedataxrt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.156.33 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: hosted-by.leaseweb.com

perf.cdnads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:9e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	googlesyndication.com pagead2.googlesyndication.com f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com tpc.googlesyndication.com	40 KB
9	stfly.me stfly.me	72 KB
7	google.com 1 redirects www.google.com	36 KB
6	itsguider.com itsguider.com	40 KB
6	adstripe.net account.adstripe.net	91 KB
5	ampproject.org cdn.ampproject.org	103 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	154 KB
5	toglooman.com toglooman.com	128 KB
3	dozubatan.com dozubatan.com	26 KB
3	gstatic.com fonts.gstatic.com	86 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	tagcachedataxrt.com tagcachedataxrt.com	478 B
2	rtmark.net my.rtmark.net	1 KB
2	omchanseyr.com omchanseyr.com	22 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	quantcount.com rules.quantcount.com	429 B
1	cdnads.com perf.cdnads.com	323 B
1	tagcachestaticx.com tagcachestaticx.com	18 KB
1	sanggilregard.com sanggilregard.com	1 KB
73	19

	Domain	Requested by
9	stfly.me	stfly.me
7	www.google.com	1 redirects stfly.me tpc.googlesyndication.com
6	itsguider.com	account.adstripe.net itsguider.com
6	pagead2.googlesyndication.com	tagcachestaticx.com securepubads.g.doubleclick.net tpc.googlesyndication.com
6	account.adstripe.net	stfly.me account.adstripe.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	toglooman.com	omchanseyr.com toglooman.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net itsguider.com tpc.googlesyndication.com
4	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net
3	dozubatan.com	omchanseyr.com dozubatan.com
3	fonts.gstatic.com	fonts.googleapis.com
2	tagcachedataxrt.com	tagcachestaticx.com
2	my.rtmark.net	omchanseyr.com dozubatan.com
2	omchanseyr.com	stfly.me omchanseyr.com
2	fonts.googleapis.com	stfly.me securepubads.g.doubleclick.net
1	googleads.g.doubleclick.net	itsguider.com
1	pixel.quantserve.com	itsguider.com
1	rules.quantcount.com	secure.quantserve.com
1	f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	secure.quantserve.com	itsguider.com
1	perf.cdnads.com	stfly.me
1	tagcachestaticx.com	dozubatan.com
1	sanggilregard.com	stfly.me
73	23

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
omchanseyr.com R3	`2021-11-04` - `2022-02-02`	3 months	crt.sh
sanggilregard.com R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
dozubatan.com R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
toglooman.com R3	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.itsguider.com R3	`2021-10-14` - `2022-01-12`	3 months	crt.sh
tagcachedataxrt.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-09` - `2022-10-09`	a year	crt.sh
cdnads.com R3	`2021-11-18` - `2022-02-16`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://stfly.me/sNLiLjg
Frame ID: 468B2A2DA0171D8B8A6B12D2C36C8700
Requests: 32 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Frame ID: EE9C3487B87839681A482FDBF85F442D
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336_2.php
Frame ID: EC86D281C236AFDA00C498A0CB0DD3AB
Requests: 15 HTTP requests in this frame

Frame: https://f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: B21A84C2A9D2A5FE288712085C24FE4A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: AB8C3B6F37A1B5501DB3FBAF2B0524E9
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: FBBC8E33E8247B7B2235A010717DCC83
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A3675D62FE9A794FD25C9E0BB15784C8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ShrinkMe.io

Page Statistics

73
Requests

99 %
HTTPS

62 %
IPv6

19
Domains

23
Subdomains

22
IPs

4
Countries

832 kB
Transfer

2311 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

73 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sNLiLjg Show response
stfly.me/ 2 KB
2 KB 398ms
266ms Document
text/html 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50892f7158a17179263a68a7c4d7e963109309ed5142f7b5e8f9eb558f9173f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mig6N2DCip717sRBsg4ZXfCUPX%2FAwWbuYz8y4mdpdmWqSYePGKnTWi10slqwJ3DSJw1rtVy5X9sla7lhg2%2B%2F3fCU0uBfPt88g9d8KiDC8aNuppwS0vBjOSGLmVjPUyanZ9UA9omJng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b5cfb862ee03753-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 105ms
38ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 15:32:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Nov 2021 15:48:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Nov 2021 15:48:50 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 74ms
73ms Stylesheet
text/css 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 852539
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LQ6XGNc%2FrTt49W9ojJLdvMpmM9%2FkhEo157A3Oc0Ga0krojvyOTLflbfcntVr0bK9oO63KV4WC2cQOOS1N7LzmpYFb3qQO2QZ7JqdtbVu5UvKa5NmsU%2Fj26vx0F0MVoV6O6pAJmwJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6b5cfb87fbbd3753-MXP
expires: Sun, 19 Dec 2021 18:59:51 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
5 KB 88ms
87ms Stylesheet
text/css 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 852539
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcmap6fz3gcN5brVWbp8QnrMsU99FrSwPFr%2BuaqxXse%2FpJ3JEolTS7JdFvmxEQ6%2F5Vx6CufmLJUttLo4cDHlABZH%2BfzC46aESuf1nDaT%2Bxm%2FAsWomT%2Bm038PKL6MIz6PT%2Bcw5JV6tw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6b5cfb87fbc03753-MXP
expires: Sun, 19 Dec 2021 18:59:51 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 65ms
65ms Stylesheet
text/css 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 852539
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dREtgG7w%2FmQYr1uV6IOUuIsJLS8u0otB0N%2FVgHJpksmq18uyBIjxu%2BsK5pOTHM5anWHvAgPuFYZkcNmsXP00bB4PAgiwUG3uQYaWyZ5fHG5cLPG461P%2BT%2FoGgENFNTCfPd%2ByX1GSag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6b5cfb87fbc23753-MXP
expires: Sun, 19 Dec 2021 18:59:51 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 39 KB
15 KB 373ms
372ms Script
text/javascript 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/sNLiLjg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd7eba8cbcdd9e847e25e236e93e2f3551ff2c4520e26f2c0e43810c43782320

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7PvIpzPPMAJya4go5G9Q4k7IUM9bL%2FwffVwxY0NQOuJHvXNtNEIwdQHbTxhqIrHeUQWR0Q6%2FG3yEC%2BZ748v7BdBq1dZL3we%2Fu6rEF7QUtxS6Yjmz0rv%2BkKbZRFRQh7Zp%2BQgmVaK9iA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6b5cfb87fbc53753-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 380ms
259ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/sNLiLjg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42047f64a2b5f5c13ae5e8e33896125e64713f503519d6d24a60fcb9a7dac935

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Mon, 29 Nov 2021 15:48:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NgL0VyHyAi1vbFpmb2nqkO7EKYJ%2BZ3HnNE6GVKb6vggHH3e%2FnK%2FEvNDgFBitfva0jUohjEwmfjHlX54i5HQ7VctytdmozJIygbAMfGWnWoJ6v5GUkoDWCvf2245yqMLltkyKOqR%2F5dPO8OdLULu5FVPMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6b5cfb88ca8a5a43-MXP
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 56 KB
22 KB 224ms
95ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

2f50bcba7ed2061c23602391880c39456f4d3339d9f62248b2aab93b4e32ffac

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: 58769ed77cbd316ede66568bb8cb5305
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
sanggilregard.com/1clkn/ 0
1 KB 134ms
35ms Script
application/javascript 172.255.6.16
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://sanggilregard.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.16 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 15:48:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 52ms
52ms Script
application/javascript 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 17:32:49 GMT
server: cloudflare
etag: W/"619bd441-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdKvNrFQthb0d2eTAhX%2F09NbGCu%2BZX7HH4dfpb6Rq7CFD3Stx%2BvpP5FDobJmYMNUCOhtEH0N6VLTLev%2BhZNMCyB8TONr1wrC5ARgbE%2B0kkktzvp2PZsFwm90Vc2OJTFArzrzHPTS1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5cfb87fbc73753-MXP
vary: Accept-Encoding
expires: Wed, 01 Dec 2021 15:48:50 GMT

GET
H2 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 62ms
61ms Script
application/javascript 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 852529
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6r5sZ2nS5Czo4VJSnI13JnGXBZ%2F%2B6RYvv7OiGQtO4Kw%2BfrTNKb19CT%2BSviypUwhz%2Fl2Cr2n1XQ8RMYR%2B6gdqZYJOpXpx0U7sKuH%2FWIChnSyFapo6rDg2UAuPM1NwaTcoAwErSqli5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6b5cfb88ad383753-MXP
expires: Sun, 19 Dec 2021 19:00:00 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 97ms
30ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 15:57:38 GMT
x-content-type-options: nosniff
age: 431472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 24 Nov 2022 15:57:38 GMT

GET
H2 200 4495548 Show response
dozubatan.com/400/ 65 KB
25 KB 233ms
99ms Script
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/4495548

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1c5d9ee29033c30197b9d92c8c2307b8e51a4f59a226eaf256934654db7b80f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-trace-id: e8db1942a18fa406d0fc52aabb0b5b1b
pragma: no-cache
date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 1 Show response
toglooman.com/ 6 KB
4 KB 191ms
58ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 499145bb829d229d3adf7965aa17fdd15e004a20147d826a5948ecf644e1e611

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: gzip
x-sc: Sn7XUZVOobmuTDH_LuR6QM5hrDYXbl1FHACaciLypHThswXEqtbQ7osXL56DiIeK3EOAqzv6396MFH-mAvY6IKPBvi4=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 186ms
57ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=0345719ee75e467bb3f2417abc6c24c6

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1035253af23a17e6b0f76cf7bcf836b8731a1170da0588c2533904d828aa2492

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 pica.js
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 20 KB
8 KB 105ms
104ms Other
text/javascript 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: stfly.me
URL: https://stfly.me/sNLiLjg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90bb27544d2f4f02d498d1f51627ead28de3b1f8e8be78d9bc8704558ddee1ff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/sNLiLjg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVOPOdF%2B%2BuUDMa1gY5y8WU4cd%2BMri5K0wy%2FUrgtMsCXa6oV%2Bekd5d%2FyYsZfLcPNu8rR10Dmq5HCbIiU1G3U%2F9%2Fb7n47ZazYBHF7g5n44kbZQaHIrDW9NdgD%2B2soTyFhQmq6zXGHRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6b5cfb8a69df3753-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 index.php Show response
account.adstripe.net/display/ Frame EE9C 7 KB
2 KB 300ms
299ms Document
text/html 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57df9954732f6286529504295a9e03802e290dc187a55fed5c7cc5a446a7bf31

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=87FbVigbq%2FJC217wue88UQW%2BsR81mHKMQcJRSnoMsD5rzGqEwknGLtFNVgLEXtLpfVXRBBvwv%2BB9Op6rjexSuROVRlS5R%2Bu8avPYBIML%2FtuNAc99dyDrrxRVu8%2BJUOJXCTxtL64Vu5ZY3cgw%2BcTVV4%2BM%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b5cfb8a9fc85a43-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 204 /
omchanseyr.com/ 0
0 79ms
78ms Fetch 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/?rb=8rFai9YHAkXEDxu0bvX0gtWaRh6fyopOl9huL1UftPVTeEH11P7lsBB0PZ8Tx5xxsRvMeg6YG5nwHOT8pQYdV4XEEaTbXh8kkCSk_R4lroti1Fx7Fj95c3crGQ3BpejOQ38Rbm0GLRS9LROMTRSo5ofjh1JiW5wLY9qcFDMnIFzmumOMi0vlDz5bDoQOXMq85Pl3RuUFGUOJ8_83eNtgwF6OkHxXiUL1hloALMLdVWSI5pEm-ItyV1Z5t6FdAvaTixGnbACAbDUF8WOG&zoneid=3381289&request_ab2=0&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fstfly.me%2FsNLiLjg&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=2&bs=b224d76c-7a6e-4757-a5e3-3b4450ef906b&userId=0345719ee75e467bb3f2417abc6c24c6&m=link

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-trace-id: bf4cea9ca35471093adf24c1fcf53386
pragma: no-cache
date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://stfly.me
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 bbb07d681d5b5503eca0adbbc4bd0c9f Show response
toglooman.com/27/ 384 KB
123 KB 64ms
64ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://toglooman.com/27/bbb07d681d5b5503eca0adbbc4bd0c9f

Requested by

Host: toglooman.com
URL: https://toglooman.com/1?z=3968308

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

307eefdc0600ba0495c999ff6fd97baa6e33a1d780414a4970cc5b760d523b01

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Nov 2021 07:33:35 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Tue, 16 Dec 2081 07:33:35 GMT

GET
H2 200 38 Show response
toglooman.com/42/ 0
495 B 153ms
153ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/42/38?z=3968308
Requested by: Host: toglooman.com
URL: https://toglooman.com/1?z=3968308
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:51 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 tag.js Show response
tagcachestaticx.com/ 50 KB
18 KB 190ms
61ms Script
application/javascript 2606:4700:3033::ac43:b4cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagcachestaticx.com/tag.js
Requested by: Host: dozubatan.com
URL: https://dozubatan.com/400/4495548
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b4cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9554e80e9205a72958e651c671af8454206f962a3b73a8d1d1da08436020fc48

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 25 Nov 2021 19:04:24 GMT
server: cloudflare
age: 5997
etag: W/"619fde38-c7ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lETACnilTboczdbPBgr9hrdQk1pDPJb17oEyG5KqtLrYRx%2FdusB6sTHY4z69x0PSRgQf0lb3Oaozr83%2F8K%2FQiBkN41GFnIPvWSyuqZp%2FvwK1P%2Bf1N6l5DAiCvFVG1w26Qb6P1H%2BpJzzgmLCn%2F7REYwRe"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5cfb8c1d135a07-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 9 Show response
toglooman.com/ 7 B
541 B 58ms
58ms XHR
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2FsNLiLjg&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/bbb07d681d5b5503eca0adbbc4bd0c9f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Request headers

Referer: https://stfly.me/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:51 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://stfly.me
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
toglooman.com/ Frame 0
0 176ms
55ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2FsNLiLjg&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 29 Nov 2021 15:48:51 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://stfly.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
538 B 56ms
56ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1035253af23a17e6b0f76cf7bcf836b8731a1170da0588c2533904d828aa2492

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame EE9C 243 KB
74 KB 93ms
93ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 1093
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ul%2FQiVHGVYj%2BoHFjxFNygNnH%2Bgz4v%2FWdl%2BMV1Q0yTmFd4MLe4%2BQ2c3qAkuz6TBVJ60%2BICEr%2Be%2FCzbHcg%2B2UE3d7Stasx8NetqkIkeiGw7GOhdmvYMU3g9KFDYTGTWpRwLAYgPgxZ1wZ048yp55VDkcokKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5cfb8c9ca7e903-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 data.png
account.adstripe.net/images/ Frame EE9C 931 B
2 KB 73ms
72ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1093
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2Bb5FIbuelkXN8WyemqF%2FjTV90OxVL%2FtS8KXTXGM%2BgM9d6SddapnRBNyrokfYjU1SNPvBfMlATXXkXx67YcxcdZQyhTQoAa%2F6SWl02Psq01wNusRCoAt2Wncs4g8hJDKZoBDROkOrxSQYre9n%2BI8REEgTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6b5cfb8c9cace903-MXP

GET
H3 200 1-icon-1635666360.png
account.adstripe.net/upload/credit/ Frame EE9C 546 B
1 KB 118ms
117ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1635666360.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1093
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 546
last-modified: Sun, 31 Oct 2021 07:46:00 GMT
server: cloudflare
etag: "222-5cfa1406a0ef7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrxydYD0jNMRsQARP5C6SF4UkmQCf%2BhoEv7AGUNVIZ%2BW3kQz3NJsBzHnktOs3DQ3%2B0J6ZOgUW9aEsoh4LbLQAytabtCXu9z5Lv0XaOoPP%2Bp9%2FLPPuN8DY5GaWGOH65l8mnC3r40IRI94PBGhJdbC1qRV2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6b5cfb8d5e84e903-MXP

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 134ms
63ms Fetch
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagcachestaticx.com
URL: https://tagcachestaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 15:48:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 13855215375975240061
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 115ms
37ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 136ms
58ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 121ms
44ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 118ms
41ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 115ms
38ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/sNLiLjg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 15:48:51 GMT

GET
H2 204 4495548 Show response
dozubatan.com/500/ 0
456 B 60ms
60ms XHR
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/500/4495548?excludes=&oaid=0345719ee75e467bb3f2417abc6c24c6&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fstfly.me%2FsNLiLjg&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://stfly.me/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 6d627e34fa5fca458b23c4f95b47a1d6
pragma: no-cache
date: Mon, 29 Nov 2021 15:48:51 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
expires: Tue, 11 Jan 1994 10:00:00 GMT

OPTIONS
H2 200 4495548
dozubatan.com/500/ Frame 0
0 177ms
56ms Preflight 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 29 Nov 2021 15:48:51 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-origin: https://stfly.me
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 336_2.php Show response
itsguider.com/ Frame EC86 14 KB
6 KB 1519ms
711ms Document
text/html 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336_2.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e6e7e2e15165c8b5fcfc5df72dfbff03f39672497a8b2ebfcc574cae2a2f7cc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Mon, 29 Nov 2021 15:48:52 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
display: orig_site_sol
expires: Sun, 28 Nov 2021 15:48:52 GMT
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-origin-cache-control: max-age=0
x-sol: orig
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2Fl6SXq8VZGlr4Zet%2F8gHNKtrXEnQ6h%2B7JI4Cl0LXGgGGxjC%2F0G3aAwaIFLFobdg1hsZH2WJYgx9khDxytRwKiuuWjArSum7ZStfZURHlR%2FyByj%2BrAwxxEiUJqt2n3yBMe4FOoPmBxHgZ8Dp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b5cfb93df36261c-GIG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 index.php Show response
account.adstripe.net/track/ Frame EE9C 131 B
652 B 286ms
285ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|2|2|1|21|1|2|2|0|2|0.00055|0.00055|0|0/0756b2a729de4ab49a5554e43c001356/1638200941/GB/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=a4c5357a6ca86ca9651f91f6c43a3357&time=1638200930&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9zTkxpTGpn&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeCbKODXooVu%2BmOQUXPrGtN0cE6DJjgYe9CwHeZXbvAZm0w3EijOW1ouEFHL2vBiTVqbtYoWCM17Dttg8EzvkOFNIqIJ7Os%2FMAxxDXC0RVXrddTPfVs5flkwFV0NOZtQVlSBez7XL%2BElNC9u9dntBNRvLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6b5cfb8e3812e903-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H/1.1 200
OK add
tagcachedataxrt.com/log/ Frame 0
0 181ms
56ms Preflight 139.45.195.254
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tagcachedataxrt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.254 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Mon, 29 Nov 2021 15:48:55 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://stfly.me
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagcachedataxrt.com/log/ 12 B
478 B 57ms
57ms Fetch
application/json 139.45.195.254
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tagcachedataxrt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by: Host: tagcachestaticx.com
URL: https://tagcachestaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.254 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

Request headers

Referer: https://stfly.me/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Mon, 29 Nov 2021 15:48:55 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://stfly.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H/1.1 200
OK perf.gif
perf.cdnads.com/ 43 B
323 B 596ms
29ms Image
image/gif 178.162.156.33
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://perf.cdnads.com/perf.gif
Requested by: Host: stfly.me
URL: https://stfly.me/sNLiLjg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.162.156.33 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 15:48:52 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 43
Expires: Tue, 30 Nov 2021 15:48:52 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame EC86 77 KB
27 KB 130ms
44ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

71c6ea85dba250b22bc1baaa084572f76dcbb99cb2779e5a603aa867717889a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1058 / 829 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26863
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 29 Nov 2021 15:48:53 GMT

GET
H3 200 ezcl.webp Show response
itsguider.com/utilcave_com/inc/ Frame EC86 1 KB
2 KB 261ms
148ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: middleton
server: cloudflare
display: staticcontent_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDi7GvugDAKiKU5vT37Vb2534UwP71YQ0AwQmn7DyTApUto4lQ4xbrMx7X3wj%2BhxK30RNi3zeOPPoK%2BoaBFgXC2emwSCb4QoWTypsxUq45%2BdBOp2jZ3Gim%2BENWkPhJaQYqdWOeG0Na6QhkOm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5cfb987d20e8f3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 cmbv2.js Show response
itsguider.com/detroitchicago/ Frame EC86 67 KB
20 KB 203ms
92ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dee017002dae98e54e92a46adaba2efa3bc29c522fb7ecbcfc7305ba32b6af81

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3968445
cf-polished: origSize=68973
cf-ray: 6b5cfb987d1ee8f3-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 17:28:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IR%2BhAH80DF9ALkhU%2F0xsjo5g4So3vATNTtj%2BF86IU9I%2FQVeBonIZOaRUByvpr8eESU57Z7KNpeuP9OlPH9QX5cMORO5rr9hzo6KKRtM%2B3HJWz8J%2BCu7kZII2HQULWzPvXcjECk6%2FCn%2FYmVHK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame EC86 344 KB
116 KB 133ms
96ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 29 Nov 2021 15:48:53 GMT

GET
H3 200 cl.gif
itsguider.com/detroitchicago/ Frame EC86 43 B
690 B 110ms
110ms Image
image/gif 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://itsguider.com/detroitchicago/cl.gif?pvID=ba14252f-821d-4217-4530-3b0adc288526&dID=297268
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8jHeO8AZwOCapRGvTKwEHDflJsgoZ1uJWjDMCSQqYFJ34Yt60nlnOweiY7d7KgaglZ2BToskBYVsnQ780mEa2B6ynV2rtJ968N4BTaQrDPdjeK9CwuUA8yLSL6frA%2BZa2s1Y94tt9jrNSSV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 6b5cfb9bbb5ae8f3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Sun, 28 Nov 2021 15:48:53 GMT

GET
H3 200 imp.gif Show response
itsguider.com/detroitchicago/ Frame EC86 43 B
695 B 111ms
111ms XHR
image/gif 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22Poplar%22%2C%22country%22%3A%22GB%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A297268%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A0%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22ba14252f-821d-4217-4530-3b0adc288526%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%22E14%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A670%2C%22response_time_orig%22%3A380%2C%22serverid%22%3A%2252.67.223.185%3A1216%22%2C%22state%22%3A%22TWH%22%2C%22t_epoch%22%3A1638200932%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fitsguider.com%2F336_2.php%22%2C%22user_id%22%3A0%2C%22word_count%22%3A0%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXAQqZhzOJcMebTFf8WNFSMhnpUn1yKZ3P6JpyabcL16eIAtAgIWfCJTA9rWQonTaMev%2F7FMhxzIINEdC6ZT%2FxLV8ow8tmpnq8Kun6vJgCYcjrkJ5kOzYt2tihW%2FkrKvMCEXgLlg1ABIS953"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 6b5cfb9bcb69e8f3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Sun, 28 Nov 2021 15:48:53 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame EC86 24 KB
10 KB 119ms
30ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 06 Dec 2021 15:48:53 GMT

GET
H3 200 cmbdv2.js Show response
itsguider.com/detroitchicago/ Frame EC86 44 KB
11 KB 68ms
68ms Script
application/javascript 2606:4700:3036::ac43:859c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18&abt=AIPlaceholderDesktop
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:859c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c1354dcc435f929175a9161740b5e53d9f5d52ea12901efb384fc34fe0255f4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3968445
cf-polished: origSize=44604
cf-ray: 6b5cfb9bcb71e8f3-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 17:28:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wsLRvZ2aIgfhlR1br7LhyMoSlhDUpzyoK%2BnPxaiJZszYxrkp0WA%2FbLe16jECoPI9V1OTxnt8jq3vBL%2FAI1hhUCfkDhvJpYCAUjVQlt%2BRhOuy7aQW3xgWBM2v8OjZ4ha%2FOfrAQcyF0SadKEXj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EC86 50 KB
12 KB 410ms
410ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2611563216252204&correlator=799566455513053&output=ldjh&impl=fifs&eid=31060438%2C44752541&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211129&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&lmt=1638200933&dt=1638200933921&dlt=1638200933187&idt=683&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=1993164460&ucis=hw9olukfobch&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336_2.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=1234300614.1638200934&ga_sid=1638200934&ga_hid=874085273&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

f9b8cf31e7a76028ab84804ef78bf2bec7d7e743e6c1e433d512eccb9e4f509c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11801
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B21A 6 KB
4 KB 149ms
37ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 29 Nov 2021 15:48:53 GMT
expires: Tue, 29 Nov 2022 15:48:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ Frame EC86 3 B
429 B 101ms
28ms Script
application/javascript 2600:9000:223f:9e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:9e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 04:38:00 GMT
via: 1.1 0a624670dff351af866d2f19bde4a313.cloudfront.net (CloudFront)
age: 40255
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-amz-cf-id: lagW5qgPKBQoWY64sblGflK_81ohQYXu-gBzKzyHwY1rhZ9Jxm91jg==

GET
H2 200 pixel;r=748089342;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-1674...
pixel.quantserve.com/ Frame EC86 35 B
371 B 49ms
32ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=748089342;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-1674183760-1638200934068;pbc=;ns=1;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;d=itsguider.com;je=0;sr=1600x1200x24;dst=0;et=1638200934067;tzo=0;ogl=

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EC86 12 KB
9 KB 79ms
43ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab6024fb7867371c95557e377c23119dce8469fe6e718d4c8112b8ed0c16addf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 15:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9309
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EC86 17 KB
7 KB 122ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 15:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 15:48:54 GMT

POST
H2 200 result Show response
stfly.me/cdn-cgi/challenge-platform/h/b/cv/ 2 B
570 B 346ms
163ms XHR
text/plain 2606:4700:e0::ac40:6609
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/cv/result?req_id=6b5cfb862ee03753
Requested by: Host: stfly.me
URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6609 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://stfly.me/sNLiLjg
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 29 Nov 2021 15:48:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vzv%2F65zaDc2kCmYe6rAsilbU%2FZuJ9ciJLVGP4tRQ9QX8gFGSo6fHHVp1MK3PpFL2EAbMzCZQi1%2BaoTDBFV445ncaxGDZS%2BgDrThVbyu6ax4yP2lsUrU0%2BZU1qoDkJw9xUx%2FzLkDmnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 6b5cfba0fba63753-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame AB8C 189 KB
54 KB 143ms
32ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 170842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AB8C 13 KB
6 KB 141ms
29ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 170842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AB8C 89 KB
28 KB 172ms
61ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 170842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AB8C 5 KB
2 KB 171ms
60ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 170842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AB8C 40 KB
13 KB 179ms
68ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 170842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame AB8C 3 KB
580 B 74ms
37ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76ca98643b0229d7a50626e2ed31a2ba5663b0697c880420fc3e4c6ca82684ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 13:51:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Nov 2021 15:48:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Nov 2021 15:48:54 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AB8C 2 KB
2 KB 70ms
31ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 09:41:39 GMT
x-content-type-options: nosniff
server: cafe
age: 22035
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 30 Nov 2021 09:41:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AB8C 295 B
319 B 69ms
31ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 21349
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 30 Nov 2021 09:53:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AB8C 0
0 73ms
73ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTJHeZfakYfO4M8SCx_AP2-e_iAfNvt3pZvX1upyxDKvn1_PGARABIIixkR9gu76ug9AKoAGr1bS7AsgBAeACAKgDAaoE3gFP0MFUEmRMYdI4c7xm5fvh2onQ5ecBabr2lTADlDwMLXc0oWRKRmM03kjs26-wCyHgJW7n9PZS7t8Pt_-e_td7--rscWK-0aQKjT3Jovv3fEvcUJoatWieOPnhQf8oxeLNrDqmAm5guHF8BIxo7GliOxJldDDuDTlZnG4GxUlmgRkUkPryFqk_CRR9fDZU6xeqPoElrugbUxGEOtEbeBu_STQYBp04U7qYhz3hMp_yj_x9FOm9U8-RXISmq7c20sbGIm-5gBCLF8geN9NLfmQAPAm1SLSXSAgrDM4SBdvABLzdqYigA-AEAZIFBAgEGAGSBQQIBRgEgAfQ5MvEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEKiFPNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjA1MjI0ODUxODg0NzQ0MIAKA8gLAdgTDIgUAdAVAYAXAbIXHgocCAASFHB1Yi03MzYzODA5MjE5MjQ0MTIyGL_iHw&sigh=2OsMH37cP-4&uach_m=[UACH]&template_id=5020&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame FBBC 12 KB
5 KB 58ms
29ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 29 Nov 2021 15:46:37 GMT
expires: Tue, 29 Nov 2022 15:46:37 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A367 783 B
534 B 78ms
39ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b90f7fac175d27c340a33924bcc8dd9faee533ed65430ba8e54891b0f5d89a59

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Xj/tjus8uC7PcF5fiD5l5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 29 Nov 2021 15:48:54 GMT
date: Mon, 29 Nov 2021 15:48:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Xj/tjus8uC7PcF5fiD5l5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame FBBC 35 KB
13 KB 67ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 28 Nov 2021 18:41:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Nov 2022 18:41:32 GMT

GET
DATA 200
OK truncated
/ Frame AB8C 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame AB8C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a49d5d24186ca21f14c6c1f1a45c86a020110b450c0e6e4e950c67ae214a435

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame AB8C 21 KB
21 KB 70ms
33ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsguider.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:17:04 GMT
x-content-type-options: nosniff
age: 534710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21444
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 11:17:04 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame AB8C 21 KB
21 KB 66ms
30ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsguider.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 20:07:29 GMT
x-content-type-options: nosniff
age: 502885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 20:07:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A367 0
0 83ms
81ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2611563216252204&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame AB8C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

169ms
101ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

date: Mon, 29 Nov 2021 15:48:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EC86 0
20 B 67ms
67ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=2611563216252204&bg=!SkmlSQ3NAAZQLpa_UC47ACkAdvg8WmYjm6rtblxEXMKOKQGkuu0tp4bIlFChvgb6h-tLFDTGWF06JgIAAACkUgAAABJoAQcKAH8sR5jq2-Ye4pBq2JI4zCbyNU6ylLGW4FX7jhEJtHsFuw5r81fqIUgmoyGO_o2caFaqY1yQiI7UeISMVVTNfgHQn8QuUUNoZRhczhqeWEkDsBVCXZCCY-2kF4QQ0FGqkNBc_TslOdDGAg8yDlAUnmM07utvwYARsXOUV12APepVmQKqSIjs2xNGMyjk9EPGmLxmX3M4IqisIirSOouzH4jf2sCFq4DoAUV9NssB-TylhrsNjkIPP3xmhM7alslO5GY5-E4mlyLQoGABoP6bQH2aVhU3QuXSAEuJ2VmcqXCggBfYCpWZedmeZ4NT7GQjRy7LrOlKJXxJtaZoZXehtrgSNhcK4x0bgGGnd0QSua4vYYJ_fMro_e4VT6i6q2TkhhWYau4oEw8h9J1U683Le_kz61Zt6K-a2RK3wiiUJUiLEttYOFDIv7fk2YtmUEBmVsbOMoglKUY1-cB5z1StdzKGg15lIUl9WNZuwsdxOBJcMbwAUpfwYeEH46BXABPMdiScFVQn9KQ_cAyxL_4pSL3k7gqltlYNQmstQddYR_n6MONTlhnEzEbcA5P_yvJq_p4H0FSHk2rqHExFk_KQ5CFfpMKfqZSTtjGnNKTmJmqVoAojNVXTASsx1_4gmsJkWF_CDDz9Y7CZtrPr-HDSVYgSdhTJsAuOtb9tESvDSG02D641Qd_-RLcvs-B7moBWmYBIzCzHarmg3UQq8CsmLUxBP9otzUOlB6rloY0Qo21KzXGryael6xrD_ohPkUDfo9jWhN-hMGkWMVZHG3pbwWh6ydXhj1GeJbhR9f2T87Bntz0P60gli01vAvjKUPFPkLUlxnYtgmyzQayeNx66NSzBu0S7Fd-nZisAZMMTQjHjrtr1GL8PhJPCh3PhLtfgneSp6pJjomC9_Xyg-d_9NHRljOS2TuM8ECkMhPtcErwhbqJhfWW8eqVbk1JeNiuBvQ4p4Qium2_ir1wl3oeLEOwu-i3NInKwsyjX6UgcL0J9aaSxAfpBdK-SSWN6AkoBx-sgidngFuBcWyZgnBWYhmP4XkOyLAJUz6KwalvPyrk-ldsDEXEWNtzmPdDtJA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame AB8C 42 B
64 B 70ms
70ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6bAUDbEDopbc7zu6yh_6XjwnGVTKY3gqmXiBoR0z57zvgjUMhh_C5i2quSzv81mTB_OUJg13gZsRqIJonE5-7Q-jAjsi08A1lWyLV7bFpD4YFXNSJgg&sai=AMfl-YTVMxD3g7D4f-qFo9gYeIOlOXQDr207ZJ125a1lnI7G5D8aAjvjgBiemDL4jSmUnypfh_MfaiJ55omz&sig=Cg0ArKJSzIMEuboOu98SEAE&id=ampim&o=0,281&d=336,280&ss=1600,1200&bs=336,280&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=76&tls=1076&g=100&h=100&tt=1077&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1993164460

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 15:48:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
toglooman.com/42	1970-01-20 07:48:56	Name: OAID Value: ac652b7580954d8c8aea5cbfb27b5220
toglooman.com/42	1970-01-20 07:48:56	Name: oaidts Value: 1638200930
sanggilregard.com/	1970-01-19 23:04:47	Name: GL_UI4 Value: eJw9jUtugzAYhHnTKAV1JA6QIzgRUFhWPUSXyGCbuAH%2FkXGDevtaldrVfJqHJgiCqCoRPrIY8RdvcBpr1nWK1e2oet68MnXp21qpqWvFpemUwkFvg%2BPjIl2C51kaafU0TCRkgRcf%2FTk3Q7tJkI6WG1EgXX1jKZCPlvZN2ipGYvgqkb1fLXlNV%2F5JFlHfetTGY8gQ0VbF5QH5hzbC78ojojMriyzA8b5wp8iugxZZiHS2XEiEb3iauJMz2W%2FkQm43R3eAFjH8939v4%2F3MkAn50JP%2FJneV9gd3Ukq3
sanggilregard.com/	1970-01-19 23:04:47	Name: GL_GI10 Value: eJxNzsFqwkAQxvGYlK3BEvmgD%2BALGIxKpVeL5KD15nkJ2TEsNDPLZlsan76pFultvj%2F8YKIoip8zxNYhK17X%2BeolL4pFXmxWSBoSxOUWT7V8cvC95qolZCe2gcxsb7kx0kJ5aqwwkt2xxOQ2dC2GoMrt%2FH%2B88scdNx8VGzzUNvRQB2Ez6PR33Vg6sL%2Ba2M5h%2FL5cb2aHYJAyBd05ouF8E%2B%2FEV2F46F6vXiUY2047L9%2B9GmEabEsXYdJyPncUVITRl4p%2FAJYtSMo%3D
omchanseyr.com/	1970-01-20 07:48:56	Name: OAID Value: 0345719ee75e467bb3f2417abc6c24c6
omchanseyr.com/	1970-01-20 07:48:56	Name: oaidts Value: 1638200930
my.rtmark.net/	1970-01-20 07:48:56	Name: ID Value: 0345719ee75e467bb3f2417abc6c24c6
toglooman.com/	1970-01-20 07:48:56	Name: scm Value: 1
toglooman.com/	1970-01-20 07:48:56	Name: OAID Value: ac652b7580954d8c8aea5cbfb27b5220
toglooman.com/	1970-01-20 07:48:56	Name: oaidts Value: 1638200930
stfly.me/	1970-01-19 23:03:21	Name: prefetchAd_3381289 Value: true
omchanseyr.com/	1970-01-19 23:13:25	Name: syncedCookie Value: true
dozubatan.com/	1970-01-20 07:48:56	Name: OAID Value: 0345719ee75e467bb3f2417abc6c24c6
stfly.me/	1970-01-19 23:03:24	Name: _data_html Value: 2-1
.itsguider.com/	1970-01-20 07:48:56	Name: ezosuigeneris-0 Value: 014ff30b659cdedef3c45e643251287c
.quantserve.com/	1970-01-20 08:33:35	Name: mc Value: 61a4f665-eca4f-42ad4-780ef
.doubleclick.net/	1970-01-20 08:24:56	Name: IDE Value: AHWqTUmstn9nTz4kpYPg1ofxtX5GiWRjV4Nh0U_CuNviL1O83BWwEyYH5ePYFDmAHxY
.stfly.me/	1970-01-19 23:03:22	Name: __cf_bm Value: JoMWliApZqNTpkLRl_4zGj4q3Pgb0qy1VDpMz9LqaD8-1638200934-0-AWFrkYyvBHEbsAjynIhpsUUoJ8kNE7DCnyPZXZrjW7EHXZ4MgZjDkdBHI3O/ktQVoPbycRaHc9TjSoJohaI3AioWX8SV790Tjg2dJIJ8VPbg3TUxYHdlmfNHZr3j+zuVcA==
.doubleclick.net/	1970-01-19 23:03:24	Name: DSID Value: NO_DATA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://tagcachestaticx.com/tag.js Message: RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
deprecation	warning	URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Message: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.adstripe.net
cdn.ampproject.org
dozubatan.com
f2d720ee1e6d1faddcbc50e6d9b5e422.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
itsguider.com
my.rtmark.net
omchanseyr.com
pagead2.googlesyndication.com
perf.cdnads.com
pixel.quantserve.com
rules.quantcount.com
sanggilregard.com
secure.quantserve.com
securepubads.g.doubleclick.net
stfly.me
tagcachedataxrt.com
tagcachestaticx.com
toglooman.com
tpc.googlesyndication.com
www.google.com
139.45.195.254
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.239
142.250.186.66
172.255.6.16
178.162.156.33
2600:9000:223f:9e00:6:44e3:f8c0:93a1
2606:4700:3033::ac43:b4cb
2606:4700:3036::ac43:859c
2606:4700:3037::6815:309a
2606:4700:e0::ac40:6609
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:809::2001
2a00:1450:4001:810::200a
2a00:1450:4001:811::2003
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
1035253af23a17e6b0f76cf7bcf836b8731a1170da0588c2533904d828aa2492
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
1c1354dcc435f929175a9161740b5e53d9f5d52ea12901efb384fc34fe0255f4
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1c5d9ee29033c30197b9d92c8c2307b8e51a4f59a226eaf256934654db7b80f8
1e6e7e2e15165c8b5fcfc5df72dfbff03f39672497a8b2ebfcc574cae2a2f7cc
262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
2a49d5d24186ca21f14c6c1f1a45c86a020110b450c0e6e4e950c67ae214a435
2f50bcba7ed2061c23602391880c39456f4d3339d9f62248b2aab93b4e32ffac
307eefdc0600ba0495c999ff6fd97baa6e33a1d780414a4970cc5b760d523b01
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
42047f64a2b5f5c13ae5e8e33896125e64713f503519d6d24a60fcb9a7dac935
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
499145bb829d229d3adf7965aa17fdd15e004a20147d826a5948ecf644e1e611
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50892f7158a17179263a68a7c4d7e963109309ed5142f7b5e8f9eb558f9173f2
5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
57df9954732f6286529504295a9e03802e290dc187a55fed5c7cc5a446a7bf31
5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf
71c6ea85dba250b22bc1baaa084572f76dcbb99cb2779e5a603aa867717889a6
76ca98643b0229d7a50626e2ed31a2ba5663b0697c880420fc3e4c6ca82684ca
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
90bb27544d2f4f02d498d1f51627ead28de3b1f8e8be78d9bc8704558ddee1ff
9554e80e9205a72958e651c671af8454206f962a3b73a8d1d1da08436020fc48
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
ab6024fb7867371c95557e377c23119dce8469fe6e718d4c8112b8ed0c16addf
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
b90f7fac175d27c340a33924bcc8dd9faee533ed65430ba8e54891b0f5d89a59
bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd7eba8cbcdd9e847e25e236e93e2f3551ff2c4520e26f2c0e43810c43782320
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dee017002dae98e54e92a46adaba2efa3bc29c522fb7ecbcfc7305ba32b6af81
df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
f9b8cf31e7a76028ab84804ef78bf2bec7d7e743e6c1e433d512eccb9e4f509c
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

stfly.me Open in urlscan Pro 2606:4700:e0::ac40:6609 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

73 Requests

99 %HTTPS

62 %IPv6

19 Domains

23 Subdomains

22 IPs

4 Countries

832 kBTransfer

2311 kBSize

19 Cookies

0 Outgoing links

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6609 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

99 %
HTTPS

62 %
IPv6

19
Domains

23
Subdomains

22
IPs

4
Countries

832 kB
Transfer

2311 kB
Size

19
Cookies

73 HTTP transactions
2 data transactions