Submitted URL: https://www.or23trk.com/2ZMGF5X/2W2W8GM/
Effective URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNK...
Submission: On September 12 via manual from DE — Scanned from DE

Summary

This website contacted 5 IPs in 4 countries across 8 domains to perform 14 HTTP transactions. The main IP is 2a06:98c1:3121::c, which is located in the United States and belongs to CLOUDFLARENET, US. The main domain is dtfnsa.com. The Cisco Umbrella rank of the primary domain is 614949.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 22nd 2021. Valid for: a year.
This is the only time dtfnsa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 34.120.151.224 15169 (GOOGLE)
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 18.184.38.55 16509 (AMAZON-02)
5 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 167.114.67.56 16276 (OVH)
1 51.68.197.173 16276 (OVH)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
14 5
Apex Domain
Subdomains
Transfer
6 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3423
onesignal.com — Cisco Umbrella Rank: 947
img.onesignal.com — Cisco Umbrella Rank: 6452
193 KB
5 dtfnsa.com
dtfnsa.com — Cisco Umbrella Rank: 614949
103 KB
3 google.com
lh3.google.com — Cisco Umbrella Rank: 4080
accounts.google.com — Cisco Umbrella Rank: 126
1 KB
2 t0r4.com
tracking.t0r4.com — Cisco Umbrella Rank: 928318
1 KB
2 or23trk.com
www.or23trk.com
745 B
1 alexatracker.com
alexatracker.com — Cisco Umbrella Rank: 146500
10 KB
1 zeniocloud.com
zeniocloud.com — Cisco Umbrella Rank: 166443
420 B
1 zzotrack.com
zzotrack.com — Cisco Umbrella Rank: 876413
1 KB
14 8
Domain Requested by
5 dtfnsa.com dtfnsa.com
3 onesignal.com cdn.onesignal.com
2 accounts.google.com 1 redirects dtfnsa.com
2 cdn.onesignal.com dtfnsa.com
cdn.onesignal.com
2 tracking.t0r4.com 2 redirects
2 www.or23trk.com 2 redirects
1 img.onesignal.com
1 lh3.google.com 1 redirects
1 alexatracker.com zeniocloud.com
1 zeniocloud.com dtfnsa.com
1 zzotrack.com 1 redirects
14 11

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-10-22 - 2022-10-21 | a year
zeniocloud.com | R3 | 2022-07-17 - 2022-10-15 | 3 months
alexatracker.com | R3 | 2022-07-29 - 2022-10-27 | 3 months

This page contains 1 frame:

Primary Page: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Frame ID: 80F0FBC2F9FB481EE0F396286BD179E3
Requests: 14 HTTP requests in this frame

Page Title

Dies ist KEINE Datingseite!

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 56 %
Domains: 8
Subdomains: 11
IPs: 5
Countries: 4
Transfer: 306 kB
Size: 668 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.or23trk.com/2ZMGF5X/2W2W8GM/ HTTP 302
    https://www.or23trk.com/2ZMGF5X/2S3BX2C/?__rpt=0&__po=1070&__ptid=f22bbb42a07048ada2cfa68b85fb684b&__rpa=1&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP 302
    https://tracking.t0r4.com/click?pid=818&offer_id=1252&sub1=1226&sub3=828953ae408343288bbdb05ca86ab160 HTTP 302
    https://tracking.t0r4.com/click?pid=10&offer_id=1212&sub1=818&sub2=1252 HTTP 302
    https://zzotrack.com/ff5c1bc0-53f1-4573-8083-234256664f4d?pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc HTTP 302
    https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100 HTTP 302
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en HTTP 302
  • https://accounts.google.com/v3/signin/identifier?dsh=S498447%3A1662961051044901&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrgzkmUPZiHWfE1kw-iRcrZaHIz2zjRtVpWIRnbOhbzPCpzqW6PzhOU_7Jeje10nk_4-n1F

14 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
dtfnsa.com/de/f2397h/
Redirect Chain
  • https://www.or23trk.com/2ZMGF5X/2W2W8GM/
  • https://www.or23trk.com/2ZMGF5X/2S3BX2C/?__rpt=0&__po=1070&__ptid=f22bbb42a07048ada2cfa68b85fb684b&__rpa=1&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
  • https://tracking.t0r4.com/click?pid=818&offer_id=1252&sub1=1226&sub3=828953ae408343288bbdb05ca86ab160
  • https://tracking.t0r4.com/click?pid=10&offer_id=1212&sub1=818&sub2=1252
  • https://zzotrack.com/ff5c1bc0-53f1-4573-8083-234256664f4d?pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
  • https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn1...
9 KB
4 KB
Document
General
Full URL
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfb2a9791196d93506c81236c993e0931ac26ffe9cdb9aa1cce11429d760fd94

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
74964aa0ee859c04-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 12 Sep 2022 05:37:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOPA%2Fc4ihn2xGMDxV5bOlgyZIOYbFy3RJn572lr%2Feyj3ij3v3Qk%2FJEYbXcILE3zixOKUgIghZWQhq%2B%2Fo9q6wpZSb5VXlfyXUZbDodn2uh8%2Bz%2FO3pLNIFPokXW%2BAnH3CdPRHj9ME%2Falfg"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
date
Mon, 12 Sep 2022 05:37:29 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
pragma
no-cache
server
nginx
style4blue.css
dtfnsa.com/de/f2397h/files/
3 KB
1 KB
Stylesheet
General
Full URL
https://dtfnsa.com/de/f2397h/files/style4blue.css
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7c7e367c882cfaa6356920ff6187934433a4ab5e1baa04b90cded31a07bf2ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:29 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6873
cf-polished
origSize=4758
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 15:42:10 GMT
server
cloudflare
etag
W/"631a0d52-1296"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vMBQDvqhWVWcgjyku%2FvQN%2FnrpJ1UTQXe4%2Br5sYdn%2FBbKgxg%2FCp%2Fo823SBnMOUHgBXBV3eFEKqG3LxE3PVJ0rpPwNrqUknqJ1aKkjM3IL2N1dSzkm0Jab7ZY6QEW6EQ6E4%2FCHCEgkndB8"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
74964aa25ed99be9-FRA
cf-bgj
minify
jquery.js
dtfnsa.com/de/f2397h/files/
94 KB
34 KB
Script
General
Full URL
https://dtfnsa.com/de/f2397h/files/jquery.js
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c75cdc4ff797e03e2dec2e779dbfdc8ad18e3cbd4043aa20c5901bcb489f2f5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:29 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2274
cf-polished
origSize=96381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 15:42:10 GMT
server
cloudflare
etag
W/"631a0d52-1787d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pqj4%2BGhd0bJ3Rc89TPlIJI%2BMN0XRvRA3lfACGGhPCM8J2lLZXRHo3fSVIVQRsT0b%2FMqHog0Nzeb76caRtLZR2M9NVcR6CGoCXT0ixVlD9FgM%2BkloZSwLM9ibgiWVUx7v%2FNWzzgn6RNVU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
74964aa25edb9be9-FRA
cf-bgj
minify
showHide.js
dtfnsa.com/de/f2397h/files/
519 B
835 B
Script
General
Full URL
https://dtfnsa.com/de/f2397h/files/showHide.js
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78a8133b00b705e1c18c56a499692b8b5521e5406e4fd198d590d536135d1ca6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:29 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6191
cf-polished
origSize=1513
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 15:42:10 GMT
server
cloudflare
etag
W/"631a0d52-5e9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5M%2FIh7%2FjSEJcm5bNGifxEm1aAp0KSPw%2FVUYkcRfZgAtxcJ0Qp%2Fx8D5MAvPIpPqm6K4vRFQPV7hv105dZVLIbd4YXAA9BYxe9AJxcwqYk7lQfbUX9qHVe2Jc1HxntoBUTpUu65p%2FlN0k"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
74964aa25edc9be9-FRA
cf-bgj
minify
17.gif
dtfnsa.com/de/f2397h/files/
62 KB
63 KB
Image
General
Full URL
https://dtfnsa.com/de/f2397h/files/17.gif
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9a1b1d512825873e62b6f559c5e1b9f00ec429fba0e3ec78a53f149c5caa2da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:29 GMT
cf-cache-status
HIT
last-modified
Thu, 08 Sep 2022 15:42:10 GMT
server
cloudflare
age
3701
etag
"631a0d52-f8ed"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRMRDvnpEiQGswzbuo2l8uEWfWvwLtvN543rjFSYpp9vKD8wshhALn%2ByyT%2FKT2K%2BAFOpraq%2FjUvfywj0dKdAkn%2F95cWQ5qBbLyHaZIPqUDO07mQjlYutZpH7BEuVzheZuSRIH7KF8oF%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
74964aa25ede9be9-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
63725
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
74964aa268d5996c-FRA
date
Mon, 12 Sep 2022 05:37:29 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
1432
etag
W/"ae63ef8ff03da61fffaa7f165729897a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Sep 2022 05:37:29 GMT
gAIA.js
zeniocloud.com/
545 B
420 B
Script
General
Full URL
https://zeniocloud.com/gAIA.js?prid=&sub2=10
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.114.67.56 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
56.ip-167-114-67.net
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
18c2c51669003637a12557557962c9d40fd565d710600c50d821021cbfa6299b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:30 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
content-type
text/html; charset=UTF-8
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
283 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
74964aa2eb0e9b7a-FRA
date
Mon, 12 Sep 2022 05:37:30 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
2925
etag
W/"2f96824aee4bf927e734cc519e3e726d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 15 Sep 2022 05:37:30 GMT
web
onesignal.com/api/v1/sync/c3091c4b-609e-458f-b555-5e6e709ba131/
5 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/c3091c4b-609e-458f-b555-5e6e709ba131/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fe254e86d5e5809a886c9402f306ce6696cb1ba4b9a0db44ee69ac7fb9d7487
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:30 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
3121
cf-polished
origSize=4986
status
200 OK
x-envoy-upstream-service-time
29
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
658fe47c-2308-4dd1-82bd-cbb2dfdfba0b
x-runtime
0.027901
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"86a67f6300f74164c08385528b3be025"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=3600
cf-ray
74964aa359d4996c-FRA
access-control-allow-headers
SDK-Version
expires
Mon, 12 Sep 2022 06:37:30 GMT
gAIA.js
alexatracker.com/jscode/
9 KB
10 KB
Script
General
Full URL
https://alexatracker.com/jscode/gAIA.js?sub1=&sub2=10&sub3=&sub4=&sub5=&prid=
Requested by
Host: zeniocloud.com
URL: https://zeniocloud.com/gAIA.js?prid=&sub2=10
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.68.197.173 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-ba099095.vps.ovh.net
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e7c4304bf7ceb61f597b70626380ca356c9fe8125c061a1fe9684d5ece5a0e1b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 12 Sep 2022 05:37:30 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Type
application/json; charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
9584
Expires
0
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en
  • https://accounts.google.com/v3/signin/identifier?dsh=S498447%3A1662961051044901&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowNam...
0
0
Image
General
Full URL
https://accounts.google.com/v3/signin/identifier?dsh=S498447%3A1662961051044901&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrgzkmUPZiHWfE1kw-iRcrZaHIz2zjRtVpWIRnbOhbzPCpzqW6PzhOU_7Jeje10nk_4-n1F
Requested by
Host: dtfnsa.com
URL: https://dtfnsa.com/de/f2397h/?utm_campaign=10&data3=1212&data4=&email=&cep=Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw&lptoken=169c6222968228b04996&pid=10&offer_id=1212&reff=&geo=DE&sub1=818&sub2=1252&clickid=631ec5997cda5f0001d317dc
Protocol
H3
Server
2a00:1450:4001:80b::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
405
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
date
Mon, 12 Sep 2022 05:37:31 GMT
x-frame-options
DENY
report-to
{"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type
text/html; charset=UTF-8
location
https://accounts.google.com/v3/signin/identifier?dsh=S498447%3A1662961051044901&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrgzkmUPZiHWfE1kw-iRcrZaHIz2zjRtVpWIRnbOhbzPCpzqW6PzhOU_7Jeje10nk_4-n1F
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-D9HTcKJ26ra6XqK_KAJt6g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only
same-origin; report-to="coop_gse_qebhlk"
expires
Mon, 01 Jan 1990 00:00:00 GMT
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
74964ab939199b7a-FRA
date
Mon, 12 Sep 2022 05:37:33 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
1094
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 12 Oct 2022 05:37:33 GMT
icon
onesignal.com/api/v1/apps/c3091c4b-609e-458f-b555-5e6e709ba131/
184 B
602 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/c3091c4b-609e-458f-b555-5e6e709ba131/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50fa27fa000bdd8c136de3481bf2ad5a302a244e1825b09ecab6fe4472a3e72f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:33 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-permitted-cross-domain-policies
none
status
200 OK
x-envoy-upstream-service-time
12
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
c64540aa-df4c-47ce-b5de-e218fd325a49
x-runtime
0.009642
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"50fa27fa000bdd8c136de3481bf2ad5a"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate
cf-ray
74964ab979d1bb3d-FRA
access-control-allow-headers
SDK-Version
d26527ec-822b-4b87-8dd0-ed808da427a4
img.onesignal.com/permanent/
110 KB
110 KB
Image
General
Full URL
https://img.onesignal.com/permanent/d26527ec-822b-4b87-8dd0-ed808da427a4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94910bb8a8b8b035d4f298c0e644805c2c3efa450819528d4887bb9f4c127b4d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dtfnsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 05:37:33 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
3471
x-amz-meta-cache-control
public, maxage=604800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
112512
x-amz-id-2
BxrcxNYTSpIBt3skhn0D/ImURMeWIogS6Gtered+LFhnf9IMpiYWoJkFObzBsCqi7ixbZaU6eeo=
last-modified
Fri, 28 Jan 2022 15:36:15 GMT
server
cloudflare
etag
"f9ba9add911ac7dbe6cb5d19f26f4f20"
strict-transport-security
max-age=15552000; includeSubDomains
x-amz-request-id
ZED2D2X0F6D0QXY2
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
74964ab9cb76996c-FRA
expires
Thu, 13 Oct 2022 05:37:33 GMT


17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| $
function| jQuery
function| OneSignal
number| __oneSignalSdkLoadCount
function| __jp0
object| _0xc78e
function| _0xe32c
object| Cgml

10 Cookies

Domain/Path Name / Value
www.or23trk.com/ Name: uniqueClick_2W2W8GM
Value: ba216dbf-77e0-4daa-ba98-ea5301377071:1662961048
www.or23trk.com/ Name: uniqueClick_2S3BX2C
Value: 5bbd7acb-45c4-47e6-af11-f40760312ae9:1662961048
www.or23trk.com/ Name: transaction_id
Value: 828953ae408343288bbdb05ca86ab160
tracking.t0r4.com/ Name: afclick
Value: 631ec5997cda5f0001d317dc
tracking.t0r4.com/ Name: afoffers
Value: {"1212":1662961049}
.zzotrack.com/ Name: ff5c1bc0-53f1-4573-8083-234256664f4d-v4
Value: 1Ue_QJ-TVd_N3EgTpGc8m02WQRgTEvevdhGaUD0gsSk
.zzotrack.com/ Name: cep-v4
Value: rEi5fo3f1Y7fakkADqt4tGvDWO8VlNRYjBxSQMMXzU27cnNk3glexlXUcyqH5K4J3XWsuVhYfeiJt7cKiwo1uupYwf9dX7zoQ9OszUvZKsx3gEL6UHKnTyAbJQec2MkNZhMnHgY-R4cMgnq4hkZPPiRKyRXf5RbkRbVqlprZBpdQ_ofNZQBC_QRyc4pAxQSGaSIVSu44do1n0_Gm13UKZGkTX6bNmA1qLWh8ww6uQV2Sa169S3GTE_6jxBNl091PpFM9-CcN-NXFpVVVH7x0g0lti2njl4rW6T2-IHT2Lq5Atr7FlJDLt3cYfUKb9Y55pQ_biuleurLFYIU0oLpcTcs_yiANru1fCHJfhEhMP4MV9X68lN_PrA1g7lUUOzdIvGGIv7HW4FWbcLGBxft-yi-lv-7hab0Zj8q_c0oaH5h7ViUfpOzP9dnIQ4dM4HIGxSm6zx1izs2QHZS1JXWs-w
dtfnsa.com/ Name: wl
Value: %7B%22attributes%22%3A%7B%22ttl%22%3Anull%2C%22value%22%3A%22a%3A13%3A%7Bs%3A3%3A%5C%22cep%5C%22%3Bs%3A470%3A%5C%22Qj5qJItmgDZnw_rF2DL0CRlXX0xZ2qBiovAHsTNKUBNhWLunlvZ0KaytlJYgKwKAH80xn0QtWBRHFRzCrJ6hto4FCpWXYHEXJXzRb420JTAu3u6jzgt__pRFn17YPXchwT53ZZKCUFXOr8xSlk7h_PFEuYdktbPS4sbqCI7C7X87KpG-5sN_AvFlQCHCYzz_Xld7-Q0xQLvjZHa6W-wjjTk9-n18EQT-8DrZCxRqTxGR0a36T4HmDLsg0XqMpbUSq66zCjdhyGVz-D7df1WFLBZ5hSvwCgfR543of3enEPjc3__YwtNlI8Un6HnHtuvNbS7kWtHNWBsD-3GPsf-kSlEjUamOPc9w0Euuzl9dXJcyrHG5WRYCdB8wfhQEbv01FBdmKS4pOR0zC11-YaNKJdG54Vgeex63gln7KN7TFrWYc5Qr8Wf4vM1_cVZz1DSq8C-hP41fBamSj2WyxWf4yw%5C%22%3Bs%3A7%3A%5C%22clickid%5C%22%3Bs%3A24%3A%5C%22631ec5997cda5f0001d317dc%5C%22%3Bs%3A5%3A%5C%22data3%5C%22%3Bs%3A4%3A%5C%221212%5C%22%3Bs%3A5%3A%5C%22data4%5C%22%3Bs%3A0%3A%5C%22%5C%22%3Bs%3A5%3A%5C%22email%5C%22%3Bs%3A0%3A%5C%22%5C%22%3Bs%3A3%3A%5C%22geo%5C%22%3Bs%3A2%3A%5C%22DE%5C%22%3Bs%3A7%3A%5C%22lptoken%5C%22%3Bs%3A20%3A%5C%22169c6222968228b04996%5C%22%3Bs%3A8%3A%5C%22offer_id%5C%22%3Bs%3A4%3A%5C%221212%5C%22%3Bs%3A3%3A%5C%22pid%5C%22%3Bs%3A2%3A%5C%2210%5C%22%3Bs%3A4%3A%5C%22reff%5C%22%3Bs%3A0%3A%5C%22%5C%22%3Bs%3A4%3A%5C%22sub1%5C%22%3Bs%3A3%3A%5C%22818%5C%22%3Bs%3A4%3A%5C%22sub2%5C%22%3Bs%3A4%3A%5C%221252%5C%22%3Bs%3A12%3A%5C%22utm_campaign%5C%22%3Bs%3A2%3A%5C%2210%5C%22%3B%7D%22%7D%7D
alexatracker.com/ Name: trbarid
Value: f7ca13c329e9059c2722ef6e400ce8d28fc1ffaa3f4a6acc9e5c6306c31d0401a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A1615235565582468506%3B%7D
.google.com/ Name: NID
Value: 511=LYUQngqWoa7cMxMwTDrIpOC4DzwnqvNUKrhF7oWi4XFVgAUZHg8tnk6Mqvj6DU37j18tkUepFRtBR6-d7w1Wu98qETaUOH4xvPdvAZU7fKlorw6JSvd7CSgic3DBApGqDj9XrCkket5WaxpAqnhd3aPS9VGvfpBs20MjOwBfjU4

1 Console Messages

Source: network
Level: error
URL: https://accounts.google.com/v3/signin/identifier?dsh=S498447%3A1662961051044901&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrgzkmUPZiHWfE1kw-iRcrZaHIz2zjRtVpWIRnbOhbzPCpzqW6PzhOU_7Jeje10nk_4-n1F
Message: Failed to load resource: the server responded with a status of 403 ()