flortactheo.gq Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://flortactheo.gq/
Submission: On March 02 via api (March 2nd 2022, 11:00:15 am UTC) from PL — Scanned from DE

Summary HTTP 138 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 32 IPs in 9 countries across 28 domains to perform 138 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is flortactheo.gq.

This is the only time flortactheo.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:e1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1 4	185.11.128.205 185.11.128.205	50599 (Autonomou...) (Autonomous System for Data Space Sp. z o.o.)
9	2606:4700:10:... 2606:4700:10::6816:28b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	146.59.30.96 146.59.30.96	16276 (OVH) (OVH)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
15	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:5800:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700:10:... 2606:4700:10::ac43:c60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3 10	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
1	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	54.36.108.3 54.36.108.3	16276 (OVH) (OVH)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	37.157.4.41 37.157.4.41	198622 (ADFORM) (ADFORM)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:9000:224... 2600:9000:224a:6200:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
138	32

40 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

flortactheo.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:e1b (United States)

ASN13335 (CLOUDFLARENET, US)

img.wprost.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.11.128.205 (Poland) 1 redirects

ASN50599 (Autonomous System for Data Space Sp. z o.o., PL)
PTR: host-185-11-128-205.dataspace.pl

advice.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::6816:28b9 (United States)

ASN13335 (CLOUDFLARENET, US)

api.deep.bi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.59.30.96 (France)

ASN16276 (OVH, FR)
PTR: ip96.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:5800:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::ac43:c60 (United States)

ASN13335 (CLOUDFLARENET, US)

scoring.deep.bi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.145 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.117 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.108.3 (France)

ASN16276 (OVH, FR)
PTR: ns3112796.ip-54-36-108.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.41 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:6200:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	flortactheo.gq flortactheo.gq	587 KB
18	googlesyndication.com 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	97 KB
17	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 176	147 KB
15	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
13	deep.bi api.deep.bi — Cisco Umbrella Rank: 68087 scoring.deep.bi — Cisco Umbrella Rank: 116183	22 KB
6	gemius.pl 1 redirects advice.hit.gemius.pl — Cisco Umbrella Rank: 300202 ls.hit.gemius.pl — Cisco Umbrella Rank: 11780	19 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 28803 hal900025.redintelligence.net — Cisco Umbrella Rank: 222939	10 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	4 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	4 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	2 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	200 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	152 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 346	947 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 524	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 697 s.tribalfusion.com — Cisco Umbrella Rank: 1995	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6433	611 B
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	66 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	425 B
2	wprost.pl img.wprost.pl — Cisco Umbrella Rank: 280591	187 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 698	439 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 289	456 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 384	860 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2666	104 B
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 45661	62 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 251	32 KB
1	google.ru adservice.google.ru — Cisco Umbrella Rank: 22658	792 B
1	optad360.io get.optad360.io — Cisco Umbrella Rank: 24237	247 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	15 KB
138	28

	Domain	Requested by
40	flortactheo.gq	flortactheo.gq
15	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com flortactheo.gq
10	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
9	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
9	api.deep.bi	flortactheo.gq api.deep.bi
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	hal900025.redintelligence.net	1 redirects 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com hal900025.redintelligence.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	scoring.deep.bi	api.deep.bi
4	connect.facebook.net	flortactheo.gq connect.facebook.net
4	advice.hit.gemius.pl	1 redirects flortactheo.gq advice.hit.gemius.pl
3	www.google.com	flortactheo.gq tpc.googlesyndication.com
3	securepubads.g.doubleclick.net	flortactheo.gq securepubads.g.doubleclick.net
3	googleads.g.doubleclick.net	www.googleadservices.com 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com flortactheo.gq
3	www.googletagmanager.com	flortactheo.gq
2	eb2.3lift.com	2 redirects
2	c1.adform.net	2 redirects
2	2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google.de	flortactheo.gq
2	www.googletagservices.com	flortactheo.gq 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
2	www.facebook.com	flortactheo.gq
2	ls.hit.gemius.pl	advice.hit.gemius.pl ls.hit.gemius.pl
2	img.wprost.pl	flortactheo.gq
1	s.ad.smaato.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	dclk-match.dotomi.com	2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
1	cdn.contentspread.net	hal900025.redintelligence.net
1	ajax.googleapis.com	hal900025.redintelligence.net
1	hal9000.redintelligence.net	2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ru	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	get.optad360.io	flortactheo.gq
1	www.googleadservices.com	www.googletagmanager.com
138	38

This site contains links to these domains. Also see Links.

Domain
nieruchomosci.wprost.pl
www.allcon.pl
www.facebook.com
twitter.com
www.wykop.pl
www.linkedin.com
wwws.tumblr.com
pinterest.com
www.youtube.com
www.wprost.pl

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-09` - `2022-03-09`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com.ru GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
contentspread.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 12 frames:

Primary Page: http://flortactheo.gq/
Frame ID: 15F3E9CD4250F0F264B0DAFD4107BCDB
Requests: 94 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: BEFDA6C9BAD9D644E3BFF4FAC93901B1
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html?mode=new
Frame ID: 9D8B2522477ABDD090038BB18EBAC840
Requests: 1 HTTP requests in this frame

Frame: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A5D0D3727A86809B33EB02235AAB2503
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D0A9C2BC02050D9322CA024AEF511BCF
Requests: 1 HTTP requests in this frame

Frame: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 649626215C68BE0B6DCA0678927D896D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWMDbfs_Gv9GAzHyAH2PRnclIrExkTNVdzud8N9EJrq1GgmTOynDnLnwmujA3L9zTX9ax66hFfSEU0cipN7MD_uscMnjQj1HLR0CWVHwt6n7_iTGghrHjim2uoApuVC5wP8ut4Ys8fH5r7SP4wG7UHmW9Q_qc_LqDMZOVQYgyuhIpSZbzs
Frame ID: 32452DAD08838B9BD171D79E4A14AEC5
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D1C7D88038D7F8C7DCFE816F772AAC3D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6A3CB81453E837C3740A72FEDAFACD07
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 40F8F3E9D98869B842622568AA8FEC87
Requests: 3 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3
Frame ID: 8335F16A1108FD5AAB7E24B687D07D08
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 15171D068C1EFB3C2293B0ED213AA846
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gdzie inwestować w Gdańsku? – Wiadomości Nieruchomości Wprost

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

138
Requests

51 %
HTTPS

61 %
IPv6

28
Domains

38
Subdomains

32
IPs

9
Countries

1868 kB
Transfer

4143 kB
Size

30
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://nieruchomosci.wprost.pl/wiadomosci
Title: Wiadomości

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/inwestowanie-w-nieruchomosci
Title: Inwestowanie w nieruchomości

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/budownictwo
Title: Budownictwo

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/architektura
Title: Architektura

Search URL Search Domain Scan URL

URL: https://www.allcon.pl/mieszkania/apartamenty/mlyny_gdanskie/lokalizacja?utm_source=wprost&utm_medium=artykul&utm_campaign=mg&utm_term=20211029&utm_content=gdzieinwestowacwgdansku
Title: Siedlce

Search URL Search Domain Scan URL

URL: https://www.allcon.pl/mieszkania/apartamenty/mlyny_gdanskie?utm_source=wprost&utm_medium=artykul&utm_campaign=mg&utm_term=20211029&utm_content=gdzieinwestowacwgdansku
Title: Młyny Gdańskie

Search URL Search Domain Scan URL

URL: https://www.facebook.com/share.php?u=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&t=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2F10532860&text=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.wykop.pl/dodaj?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html
Title: Wykop

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&title=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Linked In

Search URL Search Domain Scan URL

URL: http://wwws.tumblr.com/share/link?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&name=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F&description=
Title: Tumblr

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&media=https://img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/f5/b0/2ff8f6c4e2e694b02e1d55ecdbb8.jpeg&description=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tygodnikwprost
Title: Nieruchomości Wprost - Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/TygodnikWPROST
Title: Nieruchomości Wprost - Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/AWRWprost
Title: Nieruchomości Wprost - YouTube

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/o-awr-wprost
Title: AWR Wprost

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/kontakt
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/reklama
Title: Reklama

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/regulamin
Title: Regulamin

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/polityka-prywatnosci
Title: Polityka prywatności

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/
Title: Agencja Wydawniczo-Reklamowa „Wprost” Sp. z o.o.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

http://connect.facebook.net/pl_PL/sdk.js HTTP 307
https://connect.facebook.net/pl_PL/sdk.js

Request Chain 52

http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

Request Chain 85

https://advice.hit.gemius.pl/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortactheo.gq%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=381&lsdata=lzbHcqm6y3QvBjocHiF9FOF_oIsd3gFVrfCjAEgE.w..W7IasLsu6HSllFFttudIaRTKZZ7C7KAMEtDPMFgiCZYbEhgM/8QX9U0wa28NIi/&fpdata=ajy8I0yxkP1drsRlD_SdNyj2ilSmuo86545OO2o1BF3.f7&vis=1&lsadd=&fpcap= HTTP 301
https://advice.hit.gemius.pl/__/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortactheo.gq%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=381&lsdata=lzbHcqm6y3QvBjocHiF9FOF_oIsd3gFVrfCjAEgE.w..W7IasLsu6HSllFFttudIaRTKZZ7C7KAMEtDPMFgiCZYbEhgM/8QX9U0wa28NIi/&fpdata=ajy8I0yxkP1drsRlD_SdNyj2ilSmuo86545OO2o1BF3.f7&vis=1&lsadd=&fpcap=

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1&C=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh9OOlaZIjudXSfHlWKpWwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPsWCYDL9sPNR_b06WNUcDA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPsWCYDL9sPNR_b06WNUcDA%26google_cver%3D1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAxMzA2ODM5OTMxOTQ0MzI4

Request Chain 117

https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D&documentReferer=http%3A%2F%2Fflortactheo.gq%2F&ancestorOrigins=http%3A%2F%2Fflortactheo.gq&random=7351180965659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D&documentReferer=http%3A%2F%2Fflortactheo.gq%2F&ancestorOrigins=http%3A%2F%2Fflortactheo.gq&random=7351180965659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 126

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEEIYqVH_fEr3m56no1Sza8A&google_cver=1&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS39KIj7q2kdg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS39KIj7q2kdg

Request Chain 127

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 128

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE7X1zOD7YOtL6Ic0YLZgVQ&google_cver=1&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8BGOsDfSiDFUjHBsDvg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE7X1zOD7YOtL6Ic0YLZgVQ&google_cver=1&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8BGOsDfSiDFUjHBsDvg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI3NzYzMDg1MTI1ODQ2MjQ3MA&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8BGOsDfSiDFUjHBsDvg

Request Chain 129

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB45GTpINGvD21AZOw8ftjk&google_cver=1&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9TZ5M5ETPzpdoFGsqGHxNo5-O8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA5RzZCVlktMi03OEdZ&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9TZ5M5ETPzpdoFGsqGHxNo5-O8

Request Chain 130

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEILnX4J-LTMsJ604jbpIpW4&google_cver=1&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRYPMdqvSAMftI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRYPMdqvSAMftI

Request Chain 131

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENlFKoBBMaxrwpKcjnmzCl4&google_cver=1&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc&google_gid=CAESENlFKoBBMaxrwpKcjnmzCl4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ1ODg1ODI5NDUzMDUzNTYwMjk5Mw%3D%3D&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc

138 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
flortactheo.gq/ 59 KB
14 KB 585ms
544ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 35afb774f93baadbff26bddc324582f3ddb6709f1ee3ed7dca47392db7fdc981

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7HMzrenZ%2FrsjTXZ%2FNWObHdy0WuYNO1hs3frGqK7tm9sifZtFzLodOmMta%2Bblzye2tB4c1xJ5LJydi2m1h2p1C6w5aUdMf%2FbYKiKPP54IewTI7vHTK8QVy2Mt4OciROTjzmlDBwNwVk4xp9Idg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e59a0822b063751-MXP
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cee17864dc7f5e599a89712f12c8.jpeg
img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/5b/fe/ 116 KB
116 KB 339ms
272ms Image
image/jpeg 2606:4700:20::681a:e1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/5b/fe/cee17864dc7f5e599a89712f12c8.jpeg

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:e1b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

662c42d2b9d5c15f548ec750617d497cea2d63158b7aa9953ac97e20dc3bfb99

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
via: 1.1 varnish (Varnish/6.0)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type: image/jpeg
content-length: 118620
last-modified: Fri, 29 Oct 2021 12:21:21 GMT
server: cloudflare
etag: "1e24cd32ab260adee2b23e1a78a16c2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=16000000; includeSubDomains; preload;
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HnKeKeMXUZuubqqzpd%2BmFPgYgucS3%2FXwjd7UZH%2F0B4YFlGdzy1DgXW3BVvd7uUfx81jkdFspIWBkzBUwEhyukI45GapTN68Of2ELG%2FJD1aHVFAfcQeRHiXwDlPBDdJstUcd4OxqW0jDKf1A%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 876051164
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e59a08619c10e16-MXP

GET
H/1.1 200
OK OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
flortactheo.gq/_static/ 543 KB
88 KB 65ms
51ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8b3082371bd6a0093087b633647e5a3f3ec1ef0e97e982814f86821f8512bfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2037
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: W/"621f37ad-87c93"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgkhUzHf76lrYRFNS2Q69yvPgVLLhTTi0lGuMU4vM3F1SLsz%2FFf%2FEcpZ1E3k9iO%2B8X5UspZoQHMArILfqr%2B78N18mPNg4tKx0kHFHGeqdmZ8ciSptdZSk4dN4if7sqBodmBhVyQ%2FrT3T0FQ7Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6e59a085bbad3751-MXP

GET
H/1.1 200
OK 414f937b-ee02-4965-9ad2-498152b33573.min.js Show response
flortactheo.gq/items/ 497 B
1 KB 51ms
51ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/items/414f937b-ee02-4965-9ad2-498152b33573.min.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2037
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: W/"621f37ad-1f1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXACDP2qdC5Am4%2FIxXZNpHHbNIQwc6JPfHijgVzV7Bx9uJgpscS2RAr2yY9VGhqzOrOzB470fbU5WkYnqprJVuZGydu5LQ%2B08XtTiGCJlCaghHAB8N%2B5OY3aIQ3fHWv46rtS7pA%2Bl6ev8%2FTLkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e59a0865ca183a9-MXP

GET
H/1.1 200
OK gpt.js Show response
flortactheo.gq/tag/js/ 77 KB
29 KB 317ms
30ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/tag/js/gpt.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 331e14f7226ecaea46e85f54db23f4e7a434969120e39c1a54a8087807ddf830

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2037
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: W/"621f37ad-135f5"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srdgj56M8Pw4B9nEVDvwg5r%2FBFRWVWApXAVzqx81IbCFed0wp4frCbzzk0JDUYehdabtiX3qPaF%2FuoJUKVCgIyYrGDF9PGzlx4yiFAE9SA8sBY39Q8nqRRmv5fk3ZpmKkSaLI0AvyXp2rog5Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e59a088180b59ef-MXP

GET
H/1.1 200
OK 323699896.min.js Show response
flortactheo.gq/tag/ 9 KB
3 KB 336ms
35ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/tag/323699896.min.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ea665fc0455d38b414a5a31a72f3a8e3a3054b6d3f224d73d5d9057f6b2d3db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2037
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: W/"621f37ad-2493"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YOQVzSjPgpGDFfyaPuG6ZO1MS1tbh%2BYsHfpbuvtV3OOO1f3OPVa19wnndRHCjaEASUIR%2FCiDtA7Xb6gYRRNE%2FEyd3QxsEO7o2OKaBZzybYCm77MZIwMXBmLlbvqMKBixkfa9u5tg%2BHxK1Ke1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e59a0884cf5839d-MXP

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
37 KB 44ms
17ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-8969414-2

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

16a58cfce70f7aff373eef18d2b420da6e8831018028c0f434341ac8d6e876d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37724
x-xss-protection: 0
expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H/1.1 200
OK pusty.png
flortactheo.gq/_i/ 95 B
844 B 360ms
39ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/pusty.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2036
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 95
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-5f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=454AB6r0kgwqYdjl7CtSL288nMpmgBGCE45ocIeHzxV1P48lPHmr4iGKAItHNlAnTPq%2FYLO6kOgIybsRv5TDXADOw0isbDqM%2FKBvZcOo%2BtK1unf9e9Q45XpL8LWtmyJ%2BrkCTrRlBC5T0ta4tkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08858b559ef-MXP

GET
H2 200 daecc84600673be34d903ed5b55c.jpeg
img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/a0/8d/ 69 KB
70 KB 32ms
32ms Image
image/jpeg 2606:4700:20::681a:e1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:e1b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3932943c42751eb7007d21192da9999a6ee0bd453157a61b0083c13836875912

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2035
cf-polished: origSize=71328, status=webp_bigger
content-type: image/jpeg
strict-transport-security: max-age=16000000; includeSubDomains; preload;
content-length: 71098
last-modified: Fri, 29 Oct 2021 12:21:21 GMT
server: cloudflare
etag: "550bb2dd3f100afd4472844c5f9e8d36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3JMGHfrF4kQucFiQLBeUOPH5LnX9iOpkgQYd5DBT1NeQx2aiPMiz9Qmeyst%2B%2B2BjlPEyuLkENgC0GEt7xESWoMurfqNbFR9izuo8FYqNyLwOCk%2B3%2BBXJ900sWTBk7ErUCUcm0tN7hYh5HQ%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 880517536 860544217
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e59a0865a2e0e16-MXP
cf-bgj: imgq:100,h2pri

GET
H/1.1 200
OK html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js Show response
flortactheo.gq/_static/ 365 KB
100 KB 31ms
30ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_static/html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4de28a05e0b438d5800c7dd1345e0ec1a63da96a9e2ad0a65d43203cd91d48ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2037
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: W/"621f37ad-5b561"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htBICgD%2BbhbzpbzpEn%2BEVxx7kMfPdD2cPWnsS9kxlG6yz2io4OZfCWKk4RXEBO22mLnnnnxnHIyL67C%2BV232RIRBNqrk%2BkJQi%2BwBiequ16UC3VLzFqiTHzY0tlY7ACOLvSCh2LwPvi75NnfaUg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e59a0863cc43751-MXP

GET
H/1.1 200
OK xgemius.js Show response
advice.hit.gemius.pl/ 40 KB
11 KB 88ms
31ms Script
application/x-javascript 185.11.128.205
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: http://advice.hit.gemius.pl/xgemius.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 185.11.128.205 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-205.dataspace.pl
Software: GHC /
Resource Hash: 919462eb23533d6a32db8faf732b4d7dafa39f69d32bff2a6905748fedf47bcb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Feb 2022 08:43:58 GMT
Server: GHC
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Content-Type: application/x-javascript
Keep-Alive: timeout=10
Content-Length: 10842
Expires: Wed, 02 Mar 2022 23:00:09 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 142 KB
51 KB 50ms
24ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WC56M55

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ddbe92e7c31a4aac4c2a7e4b8ea9659a24c8f8d1a80a63d5c4b2c8db104410e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52504
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H/1.1 200
OK init.js Show response
api.deep.bi/v3/ 67 KB
20 KB 179ms
147ms Script
application/javascript 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v3/init.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3650d40555b65c92b0a701dcb52783d0dc3d6b8bdd2c70dfaf3f8798635be492

Request headers

Referer: http://flortactheo.gq/
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 11:00:09 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, stale-if-error=3600
X-Server: tr01-fsn1.prod-deep.com
Connection: keep-alive
Access-Control-Allow-Credentials: true
CF-RAY: 6e59a08688f35995-MXP
Transfer-Encoding: chunked

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 32ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: OJvl7n81zc0uBNFYAv/gZLUBGfF9ILBnAAfJO3dtDXtaSORxsdYRdkydqH7wXz7Xz7dUCtMG8aoV8mID0DuhIQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 02 Mar 2022 11:00:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sdk.js Show response
connect.facebook.net/pl_PL/
Redirect Chain

http://connect.facebook.net/pl_PL/sdk.js
https://connect.facebook.net/pl_PL/sdk.js

3 KB
2 KB

8ms
6ms

Script
application/x-javascript

2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pl_PL/sdk.js

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e997cf742dedb6584ef50c3dc8d27a73bfdccf5a889b792cf8d98a1d5f0af9fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ugkyUvufxx+SbCDNKOOOUQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1684
x-fb-rlafr: 0
x-fb-debug: G5qMHzmPkwNuzTuBWLWlKo7entsvDslbhso97+Gp+MiZ62vgNSkX3ROn7oNM2UWshqCEV+iC0Itqs0qkTqJQvQ==
x-fb-trip-id: 917726464
x-fb-content-md5: 84ea833b62388882fc9b205fe8c183f5
x-frame-options: DENY
date: Wed, 02 Mar 2022 11:00:09 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "20bdea3b01d7e2fbecd90090a489c25b"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 02 Mar 2022 11:09:49 GMT

Redirect headers

Location: https://connect.facebook.net/pl_PL/sdk.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK logo-wprost-header.png
flortactheo.gq/wprost/_i/ 3 KB
3 KB 251ms
38ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/wprost/_i/logo-wprost-header.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01351f6b65ecb4efde549618c748755dec43b369bec2897260f7f4ec05aebbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2036
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 2632
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-a48"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0x1SWhyJiab3v7jZ7QQ6%2Fbqey5r%2FzT4oD2fiY8FlJpm1rXVDKYTtMliZKVIsxKaUpx0XZVbm9RXfU9VOTbjkt0hb1fv9rMGoIHBAExB9LFpQPkHdzUDSbyFTKCpq4UKJeyOSYRY0kJogExyhg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a087ef6259ef-MXP

GET
H/1.1 200
OK icon-20-a-menu.png
flortactheo.gq/_i/ 1 KB
2 KB 265ms
47ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-menu.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42b21abbca1944f3630cf12ce218a16eed50f9673faf100047ca61341e318b80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2036
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1027
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-403"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpk7YG7WvZVvwY4I10%2F3XebM5Y%2Fam1bPONFtcPlmQZtrOYi%2BWs7MNMYE9wsakWwjtb2h8o5wjp23rzefYyRRcnXi%2F%2Bs4V7CefQw%2FzPCQVGS1rZTQHQcYSEVH9KE79rDHuS0QFLsmhMAQH0ElZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a087fc24839d-MXP

GET
H/1.1 200
OK ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 15 KB
16 KB 235ms
226ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "3d68-5d938d7538a4e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYqb4vuoLwAJnZ6p%2FszOwpglbRZW6rWdMB2rX4s20jDN3qaJ%2FWZXc2eP5LL5%2FJ7Lx2IrNAszizbdLd2v0tgA3f59HMfKtHx5KloxdQdwK3xvvZJTyrPWE5uUPEurz%2FcOoLo5beWEtIxgqdv41g%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0866ae159ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15720

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 15 KB
16 KB 238ms
221ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab106619cd53cba1c09e1b3aedcf87dc90958fef3b886f9107a0ae94f5dd7733

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "3cf4-5d938d7538a4e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBwKKjSjSlvbm1aZWfwAs3cj7WtBJZE6UYcVDk1eLu6sgXKtFu%2FeTCwDlEpEFOGJn2yFDil65rKxRLBHDIfxZ65gKkp%2B%2BUyFsX6ypmH0j%2F0n2NYpFlSIItLQZESJMEM%2FEAb8%2FJIJxMghA3k%2F9w%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0868ffb839d-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15604

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 15 KB
16 KB 238ms
221ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "3d18-5d938d7538a4e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwU1kvS7Ss3%2FPK3d9LHAzPvEq5AR3s0sJKBMm9lkPlWIgGJNkRPj4Bb8mOPQ13PQ9xMtjATRGUbN3mdUo11yQq7ub8cOE8g0VGdhCEOuGw1%2BXUdgFpgIxjXvnKLRyqLzbSVzY9RIgzL1APmHdw%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0867e5359dd-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15640

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxK.woff2
flortactheo.gq/_fonts/Roboto/ 15 KB
16 KB 230ms
211ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/Roboto/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "3d78-5d938d753921e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ljk5pNBpoU8tV4L0ZIyoDVfRZTsBnSHX9183ZoXya34VDcV9Vj%2B08dnTW9%2Fn9nxaSXmO0QX2wE5PfaDPDK6nm9bAO2sYuyblUINtLWaLCrFG8VRXo5Y%2FrolgReHree6t1VcmUXZY%2B4ofWd7VJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0868d3d83a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15736

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCoYb8td.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 12 KB
12 KB 172ms
144ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCoYb8td.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e730c5e58a487c838bda5b1a08e1b2a0d537371c08d4a01c56593ed8160ee6

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "2edc-5d938d7538a4e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgTNrESrwNmXxteMQNICpRgXmB3rUPzCkEQcwUbuw507Wfhg2W2RIU1c3TxZwiwvUHuTZ%2F0F6TCdA8HV5Hp%2FaZEZ857I%2BBvddrDMO%2BxZbTGPzsQPjzNmFxrsfJANteYD6QoQmNySDn12e6o5aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0869d713751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11996

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu7GxKOzY.woff2
flortactheo.gq/_fonts/Roboto/ 12 KB
13 KB 183ms
153ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c84629456a70df1137ab4bdcddba32050a2524568912630c2538746cbbcdc51

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "2fa8-5d938d753921e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TSq8JiO4tKi95OvklOkqmTfdynzjeuTAGxw8zPtMjgj16d67s97GjM81S8we%2BftuM1QqNnh5d0j%2BDdzS18HetD1cHA6kfPDeSIQKWCm7F6xl4r4s5PJHSjqMcQIwfQMIrq%2Fxp0Go4Gg4t5l4w%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a086ada583a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12200

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCoYb8td.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 12 KB
12 KB 309ms
145ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCoYb8td.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b019dba654b6a670ff83612cc866453fac6b389c1da4832159f340ead53081a

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "2ec0-5d938d7538e36"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVD%2B7Jd6H0n2XEdRCp8yZXw8ae80WKlav%2FXOiKRRUHQzjLrv5d7ECuQe93Qomj3YVOh5%2FjfLwKt18DNQ%2BO%2F8jwLg6%2FXjMzxsZcmn08UDTwaTtgh3cu2YkfNtDlaHxVD1%2FmX%2BYXZFoBc7nKMoqw%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0877f963751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11968

GET
H/1.1 200
OK ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 12 KB
12 KB 349ms
176ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e13e58861d0d8000aa6c0b58204094359a1614ab079848ba8ba3a7f06028066

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "2f30-5d938d7538e36"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYQpuqvmnXOvis4LmPrOGf2kbo3ZcMUtrPwu7Kon3mqEDacYrGdzS0cZ3ezzphR2WquuXAvyPkeR4tsrWtEd3IK1Wk9D30m1olPh9MShvtvSVQn6FAGPbE1vPR7UcEli0T4OJ2U8pbBvPRZ9eg%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a087983a83a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12080

GET
H/1.1 200
OK icon-30-share.png
flortactheo.gq/_i/ 1 KB
2 KB 154ms
154ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-share.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6c3674785d0db6ea9c952d6389ad37ac07753cd0161fb0b6f7e0081153f316

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-5b7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNQGLbAkh4BNGdp25wR%2BnNkRW1qYcbbb%2B%2FCquMTzGautrjDKXWr5qhOjjR92Yn50PUdx1kFXcyPZLw46nmnZ%2FTAhZla7fwO0s%2BPN6eWo3%2ByoJLQo8rerHxVtzdZWiR696ZOIDozdO0SVJwFfxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a08869ba3751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1463

GET
H/1.1 200
OK icon-30-comment.png
flortactheo.gq/_i/ 1 KB
2 KB 147ms
147ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-comment.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd5e88b0f2cc6fb839016d92d209e99cefce24f4ff6bca4c5ab02bc8c2b1ffe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-4d0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tkMusqz8EUK%2FAvORzrIptwaBYB2UEwdBYHA%2B%2FcdFGHCPZLxlq7ve8ZzngYbvgW3fD4yLNe3tWpOjmvEmxQlUYxSB0Z4JKlKEply%2BTbuyQkT2lpEC7jR0fFst%2FxZikH6tp9u%2FI%2BhE7i5Z1RGO3w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0887d7d839d-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1232

GET
H/1.1 200
OK header-nieruchomosci-01.jpg
flortactheo.gq/wprost-nieruchomosci/_i/ 168 KB
169 KB 253ms
248ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/wprost-nieruchomosci/_i/header-nieruchomosci-01.jpg
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c79b7506033f731f036b8c0da54494d539ddb31a06a0266c6189a4990f1d13cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-29f56"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmJn48MLTrTzCZkaqtfH5rx9uuauWcAEbhDQ2E1zn4txBscDYvSLfIoaVBfobotlCOh%2BaXNGvzEtexuF%2B5p6sqKIqcEHKXzedijLh%2F%2F7UplbTuzUm2XrJj9ShKMgy9XARXANq%2BX%2BOA%2BRKGbBTw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a088998359ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 171862

GET
H/1.1 200
OK icon-20-c-check.png
flortactheo.gq/_i/ 360 B
1 KB 171ms
171ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-c-check.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42029e6774581c9691e7a855bab8e412602160a2592cb13574e6a9b9e0f390a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-168"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmvoGGUx5Skz58UynCZWi4F878R%2BFr%2Fi2NQYpTF7LYkVaaz1U8AKtotD8NHJ5GvqHPWYsvhy7L5DqpiN3t2nBtonhRBEhmQBSIwDT66nh6Cwbnal7%2B3P0tyey2OsCXQeagwcTjQjw48syk4FhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a088bb6383a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 360

GET
H/1.1 200
OK icon-20-a-soc-facebook.png
flortactheo.gq/_i/ 1 KB
2 KB 45ms
45ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-soc-facebook.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc6aa291217a39c090896ceca42dde661767f883062d581a6074b3c27b72d6af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2032
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1110
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-456"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EwhwahipJ8uUJPMcB1JbtGK8axS25LZD2njVAlcn2IouQZj2pnFJXqewFKJW5a7nvdY93ROOGMREYTSLqhmphLDte9XlliEeJ%2F0%2BwQvS9CdAOaExfGfbBGeT8Yysz2Y8bOG1QydJmLdDuGf3Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a088fdb959dd-MXP

GET
H/1.1 200
OK icon-20-a-soc-twitter.png
flortactheo.gq/_i/ 1 KB
2 KB 47ms
47ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-soc-twitter.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f416547d36ab9ef1af8bd30eb509bd63c961ffe240096d7bc6e4a9162eb10df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2032
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1281
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-501"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKsIWz0TwiRy6DLoU3FiN2P7sxH3BjKPwAQlMokt%2F%2FNd7TvlguV8kFKcZyhh9oxRMcGqN%2Fj8Yx28EiDxtMqj4obS5Pv60HVi1ps%2BooE0fN9KQjbnKYWO%2BArzEv0PuxmCWkIW%2FFBJ6FtbTJztGA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a0894d4483a9-MXP

GET
H/1.1 200
OK icon-20-a-soc-you-tube.png
flortactheo.gq/_i/ 1 KB
2 KB 175ms
175ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-soc-you-tube.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4231e6435e26e6cbd926387d7d59bd67745bae47173ffc868631c4138d80f55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-4b1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gBwTMTk%2FBMbBv%2FTCFZbbKP847i0rQhXKg9TMH5lJSX5PF%2FQA%2B4iKBol5HTlpZVoLrlknB5TIfJxHlLUWo4EFdtfOBZIn6dC81%2FldS45pAF1semmGvFw6nimzY%2FKwA1kcOPWX%2Fzq4Cau10TOlAw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a0894e8159dd-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1201

GET
H/1.1 200
OK icon-20-a-arrow-left.png
flortactheo.gq/_i/ 1 KB
2 KB 41ms
40ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-arrow-left.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 779de053872046185bd650f7e2ffb8b4f1e0ee5f9b2bc73711dbf00f2abc6b28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2034
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1134
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-46e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7K8p0QmBWqBbNKjni5VseHR%2F%2FsXd4R1Hcd3gfwmjgNj4otxv6KQeMcseOYfTegoWnjNHZkfDc0DJLn2QGYGDCgstxI7iOtn6PHpxxQS9g8A4Om4BjvBGeSUeC3WzrvEITswgG5C8sWWrZjuUow%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a089685b839d-MXP

GET
H/1.1 200
OK icon-20-a-arrow-top.png
flortactheo.gq/_i/ 1 KB
2 KB 49ms
49ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-a-arrow-top.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24fa35573d7e0db487ed379dc1ce2d72776d89129804568e1e5d1dccdfd3a27d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2034
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1117
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-45d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqC14tJID%2F7FyiiDtFTClGvKbIaKvX93zT5%2B1N2tJTPMypZxEU9q9kTL%2B4gFMQyYvXrqXyGca98SMWUfrZqy11a%2FTltOwHZm6otPRgK0HWrfX90DPv%2B8Iok3EoO%2BY4Vr7g4hVdRaI%2BD6qqKpgA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a0896be13751-MXP

GET
H/1.1 200
OK icon-30-a-soc-facebook.png
flortactheo.gq/_i/ 1 KB
2 KB 44ms
44ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-a-soc-facebook.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d23c6c35e02d267d4ce46c0e9b197720d883ac35a6f608393c9964ff5831d603

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2033
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1161
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-489"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8QSYVtsq%2FNVuGY0%2BL4e7%2B8E%2FptX1Jj0jiqaS8FXv0LCeUUNai4HSkbL4xl6VV0ZQwi94Or9f0c9LbjW%2Bk7CeuHzeM%2BgLpqDbVu9nZD3LhnoiOZXcj9moSZP6Yono93TenF0HrMMh1OmKXla00A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a0899e3483a9-MXP

GET
H/1.1 200
OK icon-30-a-soc-twitter.png
flortactheo.gq/_i/ 1 KB
2 KB 41ms
40ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-a-soc-twitter.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef6bc03a26bf3dbb80a22a2eaf54523f07a7aebac158bcd69d58bd5a13cc9351

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2033
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1443
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-5a3"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOGnn0bbSpsOaLYw2wAbqYMfiKsdl2CpPPBreOd7Z4bj63o9F85taFgg3tUwH1%2Fm6bo3ZtbjXbAEWkTy%2BMxh6OyG3u3DhUMul6hd1PRYN%2FOgHMazYAJ7cWpnn5EL9EplQ0%2BDjZy9vmbD%2F6wcUg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a089a912839d-MXP

GET
H/1.1 200
OK ieVg2ZhZI2eCN5jzbjEETS9weq8-19eDpCEobdNZ.woff2
flortactheo.gq/_fonts/RobotoCondensed/ 17 KB
18 KB 411ms
229ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/_fonts/RobotoCondensed/ieVg2ZhZI2eCN5jzbjEETS9weq8-19eDpCEobdNZ.woff2
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7c4b870733c836a4e6688f1d748901c9b766f678418dd321a4af64de93e20ec

Request headers

Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "4380-5d938d7538e36"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYERzBwKLUBFBFhnlKwjhophE8x2IIzkWuPjoGiFe%2F6sDNsqXcdTpI6dROFQtCQrCDjaqwWBtyRlWu1zENaTbCp9RzYVUeqC4ICNZ7CHvNFV3CjK8830te2nVq%2Fd9JKpte6XAKetwolZNL8f7A%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a087d8e183a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 17280

GET
H/1.1 200
OK icon-30-a-soc-you-tube.png
flortactheo.gq/_i/ 1 KB
2 KB 157ms
156ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-a-soc-you-tube.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc450ca6f3818ff2ad8eae3a10277a1018c541e862cb5b9a34466a813e544bd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-530"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FxUz7KufjfUrKWZI9NT79MdA2zZtGSZ4e%2FK8wtREAWsat%2B5QM8HVye2hSom9xq3dS7V%2BL38naQfOukvIRmSyqEFu71XlkcczUFsS227V2wrNRPOMqZMDMdirH9UkM1IlrA%2F%2FplcyQPQfgonjog%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a089bc863751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1328

GET
H/1.1 200
OK icon-30-a-soc-rss.png
flortactheo.gq/_i/ 1 KB
2 KB 151ms
151ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-30-a-soc-rss.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5becbc936c15ff90857967205040c247e0f8a58b4fcbac94763ed3a61e059210

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-5a0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6UmMDZYcjcUYtzGemFsYN86ahoBg%2Fg3y2ZqYldBbOOZjRfQJZI%2F6niMbwoQYPuwFXuGNYb83ddKmqbl83c1q8ZbYf9Y00AA2mghspoAcCRkWk88REV3%2F6Jj3D9C2zhxvdy5cgAFc0kK4zUVIg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a089cec283a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1440

GET
H/1.1 200
OK icon-100-arrow-left.png
flortactheo.gq/_i/ 1 KB
2 KB 148ms
147ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-100-arrow-left.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c7543f17ece99c6b9fc15cd93856cf12e5f8945284a5dbeb926bbb4ac81be73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-57e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EaeTNJ4pijSYDiYwodTGrZGVWntaczeeobOf9oNnmwnVevFf6pWbbYV0AzRPWQdCzqPd4Ec8smX4roKteTI%2BTpRvV%2F84wV4bXnu9pGJe86AQkrXlBwU9t8sb9R1avz9ApbalBjzXlEaSopxA8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a089f9d7839d-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1406

GET
H/1.1 200
OK icon-100-arrow-right.png
flortactheo.gq/_i/ 1 KB
2 KB 173ms
172ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-100-arrow-right.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e8da9c93695d9066c06a0ff4ad814559e5c186cb7fc93e31a499183e14cdc92

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-573"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTYOo%2B34S43Mk4PXgbJo94BASZX9ONPqYq6DquNqUgIgJA2KurLBAWpRny0nCI1%2B8JRO9rg71ioQBWJU4284Rro5PUUPDyHATt7bFPkMlOn8xxS6cGtPC7ot83LE6LdcHhGDDkvrsVajrlacqA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a089ef1683a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1395

GET
H/1.1 200
OK icon-20-c-arrow-bottom.png
flortactheo.gq/_i/ 1 KB
2 KB 45ms
44ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-c-arrow-bottom.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0643484d67311199055be01407f32b3310fec6a59fe9e85107ba5f41f19a2cf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2032
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1177
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-499"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEs50M0ypoIEqGvi7Sf4HlsYmVl3fjuspDRxGrd%2FbnoUrce50jVBXaUkOFRSAm4pYjnLTLt0L4YbXWBEIfsfdRAoLhq9Xm7RedY369D6IVmxDWa0dvNxqdbhIVr77Hx8veYtmyMbQJdo0wy68g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08a695b59dd-MXP

GET
H/1.1 200
OK icon-20-c-arrow-right.png
flortactheo.gq/_i/ 1 KB
2 KB 162ms
161ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_i/icon-20-c-arrow-right.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d16c6bf2e25e475f0971bc6e839faa49e350a764a9e760053b613a0aab1d5f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: MISS
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-493"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J47cr2P6fGPef5TmgdMbLLtkfFcYDU75vLyEfm%2BbOzFZB8tOgabWKdnpVdCFsQflOydn5KZzZ2ZQDeh%2BMjVrNhRrChOrG9Y%2FJuRtCNI%2BGqqADZcfpkwbbi1Rya5tjOqJ3HRyg4jUjfFlaQwEOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e59a08aaf7859ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1171

POST
H/1.1 404
Not Found hits.php Show response
flortactheo.gq/ 206 B
866 B 292ms
162ms XHR
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://flortactheo.gq/hits.php
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 813d68061248785859a089791ba33f25cf9e90e565fa62e5848d88224fc00e9d

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://flortactheo.gq/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3XV%2Bu0x0PZ8bCT6SYaJdyikPF1CuPrTz5VOWadj%2BWX64yW%2B%2Bn9sxGsVlElacH3KMwVwSnGcyzVzCUAhOAkfthBhtEG%2BUrtdKUEa9rxHt%2B%2B0cmEfMbs%2BPLA2e74WKMWp0rrHtGLEPnw%2B80jCOhw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
CF-RAY: 6e59a087fadc59dd-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK prev.png
flortactheo.gq/_js/jquery/lightbox/css/img/ 1 KB
2 KB 39ms
38ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_js/jquery/lightbox/css/img/prev.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2033
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1360
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-550"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AMNTqM5XhFyC1qHNsrCQ6pN5PLpiLXwKHiMSDKP3mpfkVhrwndIKDF56UxfGjTkruVaqlGcrxcbyATz35XyAWi8oKcXtTL3DyYcI3tIyRNZg2HhE8BYFaZPGX3E0mP08SFbj2ozPSPaEeGC4RA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08aaa1d59dd-MXP

GET
H/1.1 200
OK next.png
flortactheo.gq/_js/jquery/lightbox/css/img/ 1 KB
2 KB 37ms
37ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_js/jquery/lightbox/css/img/next.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2032
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1350
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-546"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aN8yRGMQvAXshFMqU0ds%2BajBsYWDbSajHd5A1tOOd4HyMXU2IM13M55y3cyGfladOotAnf0EX4f1MIc04G5JZuWTWyNVV%2Fl27FVL0XZXdm6w7ib6nUROIWNap2RQsH3QXaCN75YrF78dqJxEzg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08abef43751-MXP

GET
H/1.1 200
OK loading.gif
flortactheo.gq/_js/jquery/lightbox/css/img/ 8 KB
9 KB 29ms
29ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_js/jquery/lightbox/css/img/loading.gif
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2032
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 8476
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-211c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMG%2BjAnDC8on6K7ZIPIvZ9BC0R7of4mOp85Aa7X0V0A7MCURIm8aiiJgYCzUuSIrMyxclWpB4Durx0H2Q05tC6nvGGanSHTCHliYINhuTyFEBOqVDLRyNDlHGUzdw4EImyxAwCRv0eD6bmwIDA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08ab96883a9-MXP

GET
H/1.1 200
OK close.png
flortactheo.gq/_js/jquery/lightbox/css/img/ 280 B
1 KB 38ms
38ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://flortactheo.gq/_js/jquery/lightbox/css/img/close.png
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2031
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 280
Last-Modified: Wed, 02 Mar 2022 09:23:57 GMT
Server: cloudflare
ETag: "621f37ad-118"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kud%2Fmku1NkTbVKBSjxdd0l72caAdy1%2FGYzXS%2FiVJaJ74RgM0eVYOwgHCswDWU%2BxR2xKIvEfc41XC5SYyTuIS50VxiXh3SyVHH6mcDxuSGJBas2Zqll4otXqt9MQo%2FEx%2B9fn6IZbNr0qpYTh74w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e59a08adc74839d-MXP

GET
H3 200 534361764150757 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/534361764150757?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

66d40d6d50a3a93dffb20255fecae710778d487d96aca96983fe32033309e72d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89131
x-xss-protection: 0
pragma: public
x-fb-debug: lkueApMpFfk6G/2QcjWU4bc+pPihfN56HJPYnlq1dgG4HxsM2CZPpPX48O/86kygg1jiwceWrmCz/xzEdTgWCg==
x-frame-options: DENY
date: Wed, 02 Mar 2022 11:00:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/pl_PL/ 301 KB
85 KB 19ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pl_PL/sdk.js?hash=d8c3e010caa54eead6fa812e1ee626a2

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/pl_PL/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cd45d2187d9416f2c37beaa4fb34161916d7c354d0a169139828b2bced9166a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://flortactheo.gq/
Origin: http://flortactheo.gq
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: x2I/VhNYKJhuD9rAcCzL/Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 86726
x-fb-rlafr: 0
x-fb-debug: r7cZUj2UE/ahkIZMIChVNOnIYEhEnLAmqhQZLbdIKjhs538ZUQTlDzzYqCqBGjFR3Rrj3ggp8rgTWUhXZZRFmQ==
x-fb-content-md5: 41b4a070bc015a5d2d009196f2825dad
x-frame-options: DENY
date: Wed, 02 Mar 2022 11:00:09 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "5e23f282d9b521fbb94fc28af2f3945e"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 02 Mar 2023 08:05:04 GMT

GET
H2 200 fpdata.js Show response
advice.hit.gemius.pl/ 283 B
514 B 145ms
74ms Script
application/x-javascript 185.11.128.205
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://advice.hit.gemius.pl/fpdata.js?href=flortactheo.gq
Requested by: Host: advice.hit.gemius.pl
URL: http://advice.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.11.128.205 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-205.dataspace.pl
Software: GHC /
Resource Hash: a15808eec53e76dc564e7f6f7e26ff3a52cb2cb13d847d3b3b1f0d4bbc6f04e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 283
expires: Fri, 01 Apr 2022 11:00:09 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame BEFD 5 KB
3 KB 55ms
26ms Document
text/html 146.59.30.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: advice.hit.gemius.pl
URL: http://advice.hit.gemius.pl/xgemius.js
Protocol: HTTP/1.1
Server: 146.59.30.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-146-59-30.eu
Software: GHC /
Resource Hash: e66998934cd8408cfacf7393cd0243727cca5ee398e65d7e26f28e54c4388d6e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Expires: Fri, 01 Apr 2022 11:00:09 GMT
Server: GHC
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
ETag: PRIVATE7520710249
Vary: Accept-Encoding,Origin,User-Agent
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Type: text/html;charset=utf-8
Content-Length: 2730
Content-Encoding: gzip

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 63ms
35ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WC56M55

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14879
x-xss-protection: 0
server: cafe
etag: 17635014576153706337
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H3

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

174 KB
64 KB

43ms
27ms

Script
application/javascript

2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4b3831496d24be5acab94c157b020285e22c3d16009bb8961572d1ff5221eaae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65290
x-xss-protection: 0
expires: Wed, 02 Mar 2022 11:00:09 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 38ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=534361764150757&ev=PageView&dl=http%3A%2F%2Fflortactheo.gq%2F&rl=&if=false&ts=1646218809586&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1646218809585.1435483099&it=1646218809492&coo=false&exp=p0&rqm=GET

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 9D8B 5 KB
3 KB 91ms
31ms Document
text/html 146.59.30.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html?mode=new
Requested by: Host: ls.hit.gemius.pl
URL: http://ls.hit.gemius.pl/lsget.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-146-59-30.eu
Software: GHC /
Resource Hash: a30babf05171e9a7d1d3b04e2731bdaae815370dc6d05ee31914f3249fee9490

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://ls.hit.gemius.pl/

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
expires: Fri, 01 Apr 2022 11:00:09 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2716
content-encoding: gzip

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 49ms
15ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-76JW1KVZM8&gtm=2oe2s0&_p=113841053&sr=1600x1200&ul=en-us&cid=1585783081.1646218810&_s=1&dl=http%3A%2F%2Fflortactheo.gq%2F&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sid=1646218809&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://flortactheo.gq
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 37ms
5ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-8969414-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5116
date: Wed, 02 Mar 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 02 Mar 2022 11:34:53 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/854368221/ 2 KB
2 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/854368221/?random=1646218809680&cv=9&fst=1646218809680&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=http%3A%2F%2Fflortactheo.gq%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4aee7661321203f130151e68ffe5c6225ce133469bc7811f0c08c49fb0fcc45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1063
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2021111701.js Show response
securepubads.g.doubleclick.net/gpt/ 345 KB
116 KB 42ms
11ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 01:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118578
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:34:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 Feb 2023 01:10:57 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 36 B
686 B 48ms
19ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=flortactheo.gq

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

62c29e5063bc5a13f218a3155a2fcf5424e4a980cb745dc69ecf3011a400ce0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50
x-xss-protection: 0
expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 23ms
17ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/tag/323699896.min.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6da099f98e79188b479b8e3d8be836b73411e02da2dba4e8ac8ccb8f2b98b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1147 / 467 of 1000 / last-modified: 1646214131"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 27879
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H/1.1 200
OK prebid3.16.2.BC.js Show response
get.optad360.io/sf/ 246 KB
247 KB 41ms
9ms Script
application/javascript 2600:9000:206f:5800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://get.optad360.io/sf/prebid3.16.2.BC.js
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/tag/323699896.min.js
Protocol: HTTP/1.1
Server: 2600:9000:206f:5800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8067ebedbe560e9197bd73675a916a0c8608c981bce15196838492731565bcbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 12:30:16 GMT
Via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 11 Aug 2020 07:44:16 GMT
Server: AmazonS3
Age: 8548194
ETag: "4dff781498624c4d6a8a35ebcda07b4c"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: public, max-age=360000000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 252405
X-Amz-Cf-Id: PFciQVg9FxEj1Fs2BeiRlkUISXZ6319Lm7e3tRFGDGYZ0n4VziVwiA==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 42ms
24ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=113841053&t=pageview&_s=1&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=2123276725&gjid=1835454085&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&_r=1&gtm=2ou2s0&z=1635615809

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://flortactheo.gq
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
14ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=2&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1412151936

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
14ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=3&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20IDMnet%20Cascade%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=334164359

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 16ms
13ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=4&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1117156238

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 18ms
16ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=5&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1579433489

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=6&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=726460710

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=7&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1007043369

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=8&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1745806740

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=9&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1530479644

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
17ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=10&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=613395989

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cl09g6b1h0m3aei49bv Show response
scoring.deep.bi/score/j7odeRmIZNFp/ 2 B
345 B 218ms
164ms XHR
application/json 2606:4700:10::ac43:c60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scoring.deep.bi/score/j7odeRmIZNFp/cl09g6b1h0m3aei49bv?id=deepcookie&column=score
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: http://flortactheo.gq
access-control-expose-headers: Amp-Access-Control-Allow-Source-Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
access-control-allow-credentials: true
cf-ray: 6e59a089ae3583b4-MXP
content-length: 2

GET
H2 200 cl09g6b1h0m3aei49bv Show response
scoring.deep.bi/score/j7odeRmIZNFp/ 2 B
58 B 329ms
276ms XHR
application/json 2606:4700:10::ac43:c60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scoring.deep.bi/score/j7odeRmIZNFp/cl09g6b1h0m3aei49bv?id=deepcookie&column=level
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: http://flortactheo.gq
access-control-expose-headers: Amp-Access-Control-Allow-Source-Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
access-control-allow-credentials: true
cf-ray: 6e59a089ae3e83b4-MXP
content-length: 2

GET
H2 200 cl09g6b1h0m3aei49bv Show response
scoring.deep.bi/score/j7odeRmIZNFp/ 2 B
58 B 329ms
275ms XHR
application/json 2606:4700:10::ac43:c60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scoring.deep.bi/score/j7odeRmIZNFp/cl09g6b1h0m3aei49bv?id=deepcookie&column=profile
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: http://flortactheo.gq
access-control-expose-headers: Amp-Access-Control-Allow-Source-Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
access-control-allow-credentials: true
cf-ray: 6e59a089ae4983b4-MXP
content-length: 2

GET
H/1.1 200
OK events Show response
api.deep.bi/v1/streams/j7odeRmIZNFp/ 16 B
797 B 102ms
86ms XHR
text/plain 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f727d50447a9481cdb0ec1bd66483abf8c8deb564a0fa5ca7dafc13fd8d9aa8

Request headers

Authorization: bearer Da16NqKwj2619hxwdhdGH9u1
Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:09 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6e59a089fa0e5a1f-MXP
P3P: policyref="http://api.deep.bi/w3c/p3p.xml", CP="ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
Access-Control-Allow-Origin: http://flortactheo.gq
Cache-Control: no-cache, no-store, must-revalidate
X-Server: tr01-fsn1.prod-deep.com
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Type: text/plain; charset=utf-8
Content-Length: 16
Expires: 0

OPTIONS
H/1.1 204
No Content events
api.deep.bi/v1/streams/j7odeRmIZNFp/ Frame 0
0 89ms
89ms Preflight 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: http://flortactheo.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 02 Mar 2022 11:00:09 GMT
Connection: keep-alive
Access-Control-Allow-Origin: http://flortactheo.gq
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept-Encoding,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Device-Stock-UA,X-Device-User-Agent,X-Operamini-Phone-UA
X-Server: tr01-fsn1.prod-deep.com
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6e59a08949865995-MXP

GET
H2 200 cl09g6b1h0m3aei49bv Show response
scoring.deep.bi/score/j7odeRmIZNFp/ 2 B
81 B 275ms
261ms XHR
application/json 2606:4700:10::ac43:c60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scoring.deep.bi/score/j7odeRmIZNFp/cl09g6b1h0m3aei49bv?id=deepcookie&column=profile
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: http://flortactheo.gq
access-control-expose-headers: Amp-Access-Control-Allow-Source-Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
access-control-allow-credentials: true
cf-ray: 6e59a089ae4383b4-MXP
content-length: 2

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
440 B 69ms
19ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-8969414-2&cid=1585783081.1646218810&jid=2123276725&gjid=1835454085&_gid=1073739330.1646218810&_u=YADAAUAAAAAAAC~&z=335768336

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 02 Mar 2022 11:00:09 GMT
content-type: text/plain
access-control-allow-origin: http://flortactheo.gq
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/854368221/ 42 B
548 B 48ms
22ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/854368221/?random=1646218809680&cv=9&fst=1646218800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&frm=0&url=http%3A%2F%2Fflortactheo.gq%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&async=1&fmt=3&is_vtc=1&random=2704194997&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/854368221/ 42 B
548 B 48ms
22ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/854368221/?random=1646218809680&cv=9&fst=1646218800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&frm=0&url=http%3A%2F%2Fflortactheo.gq%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&async=1&fmt=3&is_vtc=1&random=2704194997&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ru/adsid/ 107 B
792 B 62ms
21ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ru/adsid/integrator.js?domain=flortactheo.gq

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 54ms
20ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=flortactheo.gq

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 11:00:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
10 KB 340ms
325ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2999208834577887&correlator=1105897832903735&output=ldjh&impl=fifs&eid=31063182&vrg=2021111701&ptt=17&sc=0&sfv=1-0-38&ecs=20220302&iu_parts=60089353%2CWprost%2Cart_rec_szpalta_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=360x600%7C336x280%7C360x300%7C300x250%7C320x100%7C160x600%7C120x600&eri=1&cust_params=Wprost_sekcja%3Dnieruchomosci%26exp%3DP&cookie_enabled=1&bc=23&abxe=1&lmt=1646218809&dt=1646218809902&dlt=1646218809199&idt=654&frm=20&biw=1600&bih=1200&oid=2&adxs=1027&adys=983&adks=2053822233&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fflortactheo.gq%2F&vis=1&stss=1&scr_x=0&scr_y=0&psz=386x1&msz=360x-1&ga_vid=1585783081.1646218810&ga_sid=1646218810&ga_hid=113841053&ga_fc=true&fws=4&ohw=1600&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

bc757d6121e94183a42f5ef8e5a9b1d0a65ed643cb07bd8e6f860401bbc89fd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10217
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://flortactheo.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A5D0 6 KB
4 KB 78ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 11:00:09 GMT
expires: Thu, 02 Mar 2023 11:00:09 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

rexdot.js Show response
advice.hit.gemius.pl/__/_1646218809912/
Redirect Chain

https://advice.hit.gemius.pl/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortacthe...
https://advice.hit.gemius.pl/__/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortac...

452 B
705 B

91ms
90ms

Script
application/x-javascript

185.11.128.205
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://advice.hit.gemius.pl/__/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortactheo.gq%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=381&lsdata=lzbHcqm6y3QvBjocHiF9FOF_oIsd3gFVrfCjAEgE.w..W7IasLsu6HSllFFttudIaRTKZZ7C7KAMEtDPMFgiCZYbEhgM/8QX9U0wa28NIi/&fpdata=ajy8I0yxkP1drsRlD_SdNyj2ilSmuo86545OO2o1BF3.f7&vis=1&lsadd=&fpcap=
Requested by: Host: flortactheo.gq
URL: http://flortactheo.gq/
Protocol: H2
Server: 185.11.128.205 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-205.dataspace.pl
Software: GHC /
Resource Hash: 2df81adb8a02c3a688fb295321cee269c053ed3c4d4c5bed2ec6484987b34ee3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 452
expires: Tue, 01 Mar 2022 11:00:09 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1646218809912/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fflortactheo.gq%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=381&lsdata=lzbHcqm6y3QvBjocHiF9FOF_oIsd3gFVrfCjAEgE.w..W7IasLsu6HSllFFttudIaRTKZZ7C7KAMEtDPMFgiCZYbEhgM/8QX9U0wa28NIi/&fpdata=ajy8I0yxkP1drsRlD_SdNyj2ilSmuo86545OO2o1BF3.f7&vis=1&lsadd=&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 01 Mar 2022 11:00:09 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 48ms
20ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8969414-2&cid=1585783081.1646218810&jid=2123276725&_u=YADAAUAAAAAAAC~&z=548701363

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 44ms
20ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8969414-2&cid=1585783081.1646218810&jid=2123276725&_u=YADAAUAAAAAAAC~&z=548701363

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 204
No Content events
api.deep.bi/v1/streams/j7odeRmIZNFp/ Frame 0
0 63ms
62ms Preflight 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: http://flortactheo.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: http://flortactheo.gq
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept-Encoding,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Device-Stock-UA,X-Device-User-Agent,X-Operamini-Phone-UA
X-Server: tr01-fsn1.prod-deep.com
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6e59a08a8d265995-MXP

OPTIONS
H/1.1 204
No Content events
api.deep.bi/v1/streams/j7odeRmIZNFp/ Frame 0
0 92ms
68ms Preflight 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: http://flortactheo.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: http://flortactheo.gq
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept-Encoding,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Device-Stock-UA,X-Device-User-Agent,X-Operamini-Phone-UA
X-Server: tr01-fsn1.prod-deep.com
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6e59a08aaf0ce907-MXP

OPTIONS
H/1.1 204
No Content events
api.deep.bi/v1/streams/j7odeRmIZNFp/ Frame 0
0 132ms
99ms Preflight 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: http://flortactheo.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: http://flortactheo.gq
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept-Encoding,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Device-Stock-UA,X-Device-User-Agent,X-Operamini-Phone-UA
X-Server: tr01-fsn1.prod-deep.com
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6e59a08aba655a31-MXP

POST
H/1.1 204
No Content events Show response
api.deep.bi/v1/streams/j7odeRmIZNFp/ 0
316 B 135ms
134ms XHR
text/plain 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://api.deep.bi/v1/streams/j7odeRmIZNFp/events

Requested by

Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js

Protocol

HTTP/1.1

Server

2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
Authorization: bearer Da16NqKwj2619hxwdhdGH9u1
Content-Type: application/json

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: http://flortactheo.gq
X-Server: k8s
Connection: keep-alive
Access-Control-Allow-Credentials: true
CF-RAY: 6e59a08afd4a5a1f-MXP

POST
H/1.1 204
No Content events Show response
api.deep.bi/v1/streams/j7odeRmIZNFp/ 0
291 B 77ms
58ms XHR
text/plain 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
Authorization: bearer Da16NqKwj2619hxwdhdGH9u1
Content-Type: application/json

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Access-Control-Allow-Origin: http://flortactheo.gq
X-Server: tr01-fsn1.prod-deep.com
Connection: keep-alive
Access-Control-Allow-Credentials: true
CF-RAY: 6e59a08b3ee6374f-MXP

POST
H/1.1 204
No Content events Show response
api.deep.bi/v1/streams/j7odeRmIZNFp/ 0
291 B 152ms
135ms XHR
text/plain 2606:4700:10::6816:28b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://api.deep.bi/v1/streams/j7odeRmIZNFp/events
Requested by: Host: api.deep.bi
URL: http://api.deep.bi/v3/init.js
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:28b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
Authorization: bearer Da16NqKwj2619hxwdhdGH9u1
Content-Type: application/json

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Access-Control-Allow-Origin: http://flortactheo.gq
X-Server: tr01-fsn1.prod-deep.com
Connection: keep-alive
Access-Control-Allow-Credentials: true
CF-RAY: 6e59a08b7da8e8f7-MXP

POST
H3 200 / Show response
www.facebook.com/tr/ Frame D0A9 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: http://flortactheo.gq
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

content-type: text/plain
access-control-allow-origin: http://flortactheo.gq
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Wed, 02 Mar 2022 11:00:10 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 177ms
30ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a486a39b72d381e82e3ffe4e1ce441631f7b32238cd00b39611f4bbd36af06f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 11:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10669
x-xss-protection: 0

GET
H3 200 container.html Show response
2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6496 6 KB
3 KB 26ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 11:00:09 GMT
expires: Thu, 02 Mar 2023 11:00:09 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&_s=11&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Rectangle%20Displayed&_u=aADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=1709441057

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2099
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 58ms
33ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 11:00:10 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3245 624 B
297 B 35ms
20ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWMDbfs_Gv9GAzHyAH2PRnclIrExkTNVdzud8N9EJrq1GgmTOynDnLnwmujA3L9zTX9ax66hFfSEU0cipN7MD_uscMnjQj1HLR0CWVHwt6n7_iTGghrHjim2uoApuVC5wP8ut4Ys8fH5r7SP4wG7UHmW9Q_qc_LqDMZOVQYgyuhIpSZbzs

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 02 Mar 2022 11:00:10 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6496 26 KB
16 KB 51ms
42ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEr7pCnTw4fSwZqgctH8kvk01Xa3wy9qwx4TzB5RaL8DxVwopsqxWmxQpmKmegEKRgkyabQy3_sUzr0wD7wiFr-dWrDEywGqcjoRyHkrruMvO40_bVJVaQXKiUICfL9FgXF2zxQIVanQhzLUCPiXIR9fgVSQ&cry=1&dbm_d=AKAmf-BXWfhWJcC0A2XpNHu3b3ycD5h87EQUu2CCzG3Gsw7zG1cXxylbBpNJUgw6MnJhAHO1jN3PiV3yV7Cj15G_juQ9Uut3xQHVNyqZD3AgEnmKDIHCpYuGot0AzWQrddHIvFujF8sKBd84K8voJy4gA_8A3MxV2yaDimoXm-ja4QZcTiZGGKWUp6fo2QD302Dei0mVvBqLI4J-Gx-FvDXZ5Ca5OOCDGyNsHmQppuvsX2m8BjRAKud73UrE_bwQazt4DKmterxei2Kf5EO6SgsgRlSOV-Xgz41T-Rd6j3yEBNnJmTrALbcroiARQFQZmZCKZ0HZojWLVUg90ys36lzPs0YoXItJ5hXx7jdt7khlv3EMwcMlsivP-x7g7ikxM5HOgt7aX8EYzStTrzQgmpIQec5HK6wRNLihVo1-tOqnLuIIlAtuRImH5O_FktvXxBM8hE1R3kGzXDGOmtIOUHbilQZEymFq-vtgjrpOc7xmupUMlVWKZHxzkmGt1PED8jbuBrBPwiUwGiJmj4aoMCK-QFUdRYg1JfV_TzOUAL6bCKx0Bp0xrOafXgJcr4FSWEFwTenjLlaLxCRnRx6vGRAy-PVG2Le61mPADWV0B9EhAHFy_pYyVF3J3-GKjv1TWRQk4iBmvBGAMgMWSDi_6V4oSaqgSzzSwEbr1iQBw5nGsUp9-vbyKyCwNzLcBu20Jd_k9YX8MiSJ2VevXBBS05PP1ixz2o-kjbi_wt5AamA-mL927Ak22TCPpiAIldiyzvt5qq7X630b_V38PxvRkQMtzkZvQQYDFyUbEjcMrF93Iggl-SzaDRJY-Hs5Bk_sUyi_BGI0ZtgJPNjM5XRyiBMXa2mzTYxlc5WmKowwcgKE3n6twqAnBs1LTremH2CXjfkZtnubm-kg8yfQDoRN7ddIzbKoGlyjfr6yvImGnRhAWCocG50O35s7IH_OrZZAp7sRwSvRtrxYNDidgml2G4lKlRz6Kjt8uwgR0TpUvShjyvTb-HAMGS-Ttj1pd9inHzAYEeqV99gZ_ev9H6tmBGEctaV7QJCnZDIAJPchK07nruO5rp-BE3ukFEB-fpj6G_pzfODBwKHRMUFG1AOPEXCITbqCo35B9-M0Fbwn-G-xD_UIxrg9qkhmhsghBSsJts6ll6xB1AN85KjIywiUzetquWbNBguMrNkoBEC2iDPN-GYZJaCrAn5CPoeJYPwyrabUVlkql-RY-pLf6D5kVfpaQnUg93P9j4hL8u-4Vn3bOvDeEkCc0kOed3WufP0gGRDxqabgxalykwUX79VF5cX2okJ8sX48NOv2AyXsQk2U21p6BQUQQFjblU3Pq1qEkvu2nyVswDIwnygEwn-UnDID-MbwvODfhu2CGTh8fe3kz_u5o_KChxPzxEkMyvsdw8uPfREBDdXrF4iAWwHLOA9V5suyIz_coRrVB7Zy6GwTB0DNjWl4f8H3fS85AVGzsMcjmtVYEK9A8667j46mAS6bFWBvPqfls6n6I46fOG_KUhqr-yj7E5He031hvPNEVxoUmOIHTQImVRUtG5nmaXIbajW9gzNTm_jS4sVrM4DvR2Ad1IVS93P4dzlYfiIww1yKxsPNQQsiuprJZUQ1kk_zg0ZT2Vb6z-CNrxmkryj5NaIOiZJejlr9ZZj489t4tXw2dtrn-l5IDRHXBSpvMNDu12VET_M7J6Gh2ocxcMafSi1jFqu_qzjMfDysmA8gnRd25IbUbl8E8YFUp-xfAyF6nvZLTgQqGSVDdvpmrkMGKKDwClJ0ofLUQ39iQOV7SWv6L6Wf5SyXicwiOdvmxONXSZhhDc4CRkVbSKkDw4gJhqByx4jsAkZrYTEkNXL8rmOiOit2IiooaTs5kEnwOUZs7NqCs37rtgIt50BD7Qm4Hv8UAS7PTeUzKPFYSx_zlpG5IiIQr3mEuPTdBnUwd5-0ymAX4eVVMcO50nGTNKV0iAvbHk5cllyXUC-Wz5TR_oHWHUbcHcjp1Wy9dWd7PA_Exhh9GB2zTBpITHsqsXbsQGQUU-uvnHbmTo4mT4MhLUgv89Klg1xZ1olvgHD9lLBzTWj4jVcbYKBb_QKH2ii5oGSTcwTE9pjpIM4v0wELOvT0YYJEeSd7cwBQtprnW2NG3HpnKsx76ElctPJwVT52rjbU05VSvIHUHev0MMloQfSgfucfxI8nnqmDG894EBPGbAN0ZOxY31gG7lOe2HIgnaxoJo1dYiURiN0ZsxgsyTaEWyB5ZFaOp8nGGJl3_t-I3uOPgIXUxvei5SFXEUhlMExJzmKvmfT0A8yiVS3d_9bBpgKnBWgO3kP2KMqNjaK0FnD9RxZybN8H3PQQcnK1vF5WFnQqT73XIs4ZWD8i5o8l4FCYgw-pDNfCmwTgOS6YxTCCLla_4MHnl58wAsZ2kIqc21GW5DsAVSDLnbPPELDbl13zKVnlPRezDKc7TmUylnERUvruwK_cqO7eHt6dRpvUsV4BLaiEjv6dxCgFOpUdpLNRzrs3uzTt8qJblHtMkHN_TsY6g1J2GIgmgrlm1_rVKjTrrqXLwdJer3SiXE0oKkUrJJDIvrRfJ4K_8c6z1EHXAcikDExOTd1pY_vRFmz8lxtZrjQ93rDEeJNBfZ8ytORK-9S079FNemSygYeiVi6xZKCVf2Gp9A-eCB69qQs90YGuRsJEFLrwwFMu4j4t3FVCIFsKH4J189yzm96EGWA571WFnMiaoPReSBz8lm3ShEeOOR7tz1SGAkmYzCxss0L0bUk7q0tE_yGrM7auyME-N7j4s0WPyicPpjGLbOomThJQdSuQZ71KWVHHSNxV8Ojuxht5TTtmcax60gvfiNXvYEzhmMS5xLQW8wr_cRaiigXJT-jAAUWxABV4jjruHKohbIu0yHjxGEjRw80bKOCB1NlXlFaYzIiOn9ut9UZ2x1KW6cdPsOC-Ga2l53PFH3JgflbdcAqKoXosXjc-cifoqJ44DNPN6hj-aPwBxiPJnJx1JcayN7DTO0VM22156YPy4SJCCYNYx7dxAhVr3KTSRA0hlw&cid=CAASEuRoZYP_OshwBRXOdCI_s3Zerg&rfl=1%2Chttp%253A%252F%252Fflortactheo.gq%252F%240

Requested by

Host: flortactheo.gq
URL: http://flortactheo.gq/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc05dabb6d716be66e491fb1e685d4d1c48ceeecb8e5d76254ba22457fffcde9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15952
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6496 42 B
63 B 56ms
40ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dhnv_mFjcPfKzfWnFsJPWPGB40rDUbZgS5k5YpIRMBjp4coaLeGuzacKGaAlGqDgRMhs-7OLm_913uTpoM9myOgetD0iRxNr5GTUZ78rRLY--iTIw

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/ Frame 6496 2 KB
1 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 10:44:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 10:44:06 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6496 124 KB
39 KB 44ms
19ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 11:00:10 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/ Frame 6496 15 KB
7 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 10:55:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 270
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 10:55:40 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3245
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1&C=1

43 B
1014 B

32ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWMDbfs_Gv9GAzHyAH2PRnclIrExkTNVdzud8N9EJrq1GgmTOynDnLnwmujA3L9zTX9ax66hFfSEU0cipN7MD_uscMnjQj1HLR0CWVHwt6n7_iTGghrHjim2uoApuVC5wP8ut4Ys8fH5r7SP4wG7UHmW9Q_qc_LqDMZOVQYgyuhIpSZbzs
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 11:00:10 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Wed, 02 Mar 2022 11:00:10 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3245
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh9OOlaZIjudXSfHlWKpWwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1

43 B
894 B

28ms
28ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWMDbfs_Gv9GAzHyAH2PRnclIrExkTNVdzud8N9EJrq1GgmTOynDnLnwmujA3L9zTX9ax66hFfSEU0cipN7MD_uscMnjQj1HLR0CWVHwt6n7_iTGghrHjim2uoApuVC5wP8ut4Ys8fH5r7SP4wG7UHmW9Q_qc_LqDMZOVQYgyuhIpSZbzs
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 11:00:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO7Kol4vzM_8rwwv_js6SMY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 3245
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPsWCYDL9sPNR_b06WNUcDA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPsWCYDL9sPNR_b06WNUcDA%26google_cver%3D1

43 B
1 KB

55ms
55ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPsWCYDL9sPNR_b06WNUcDA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWMDbfs_Gv9GAzHyAH2PRnclIrExkTNVdzud8N9EJrq1GgmTOynDnLnwmujA3L9zTX9ax66hFfSEU0cipN7MD_uscMnjQj1HLR0CWVHwt6n7_iTGghrHjim2uoApuVC5wP8ut4Ys8fH5r7SP4wG7UHmW9Q_qc_LqDMZOVQYgyuhIpSZbzs

Protocol

HTTP/1.1

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
X-Proxy-Origin: 45.141.152.68; 45.141.152.68; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a754d53b-2074-4267-9050-d714bd4cd3bc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
X-Proxy-Origin: 45.141.152.68; 45.141.152.68; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 283beb55-ed4f-4180-be3d-f1f13fa0c68f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPsWCYDL9sPNR_b06WNUcDA%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3245
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAxMzA2ODM5OTMxOTQ0MzI4

170 B
188 B

37ms
22ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAxMzA2ODM5OTMxOTQ0MzI4

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
X-Proxy-Origin: 45.141.152.68; 45.141.152.68; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 11f616e4-22e8-4990-8a49-e1be276185f8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAxMzA2ODM5OTMxOTQ0MzI4
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D1C7 13 KB
5 KB 34ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 10:52:13 GMT
expires: Thu, 02 Mar 2023 10:52:13 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6A3C 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

147124bcfc56bf9fe848b7ddbdc91c3e00ebb9aa1604d2f1e2a74dc28b34e775

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XmSHvgYTr6g53xGWDof6yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 11:00:10 GMT
date: Wed, 02 Mar 2022 11:00:10 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-XmSHvgYTr6g53xGWDof6yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220228/r20110914/ Frame 6496 25 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220228/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEr7pCnTw4fSwZqgctH8kvk01Xa3wy9qwx4TzB5RaL8DxVwopsqxWmxQpmKmegEKRgkyabQy3_sUzr0wD7wiFr-dWrDEywGqcjoRyHkrruMvO40_bVJVaQXKiUICfL9FgXF2zxQIVanQhzLUCPiXIR9fgVSQ&cry=1&dbm_d=AKAmf-BXWfhWJcC0A2XpNHu3b3ycD5h87EQUu2CCzG3Gsw7zG1cXxylbBpNJUgw6MnJhAHO1jN3PiV3yV7Cj15G_juQ9Uut3xQHVNyqZD3AgEnmKDIHCpYuGot0AzWQrddHIvFujF8sKBd84K8voJy4gA_8A3MxV2yaDimoXm-ja4QZcTiZGGKWUp6fo2QD302Dei0mVvBqLI4J-Gx-FvDXZ5Ca5OOCDGyNsHmQppuvsX2m8BjRAKud73UrE_bwQazt4DKmterxei2Kf5EO6SgsgRlSOV-Xgz41T-Rd6j3yEBNnJmTrALbcroiARQFQZmZCKZ0HZojWLVUg90ys36lzPs0YoXItJ5hXx7jdt7khlv3EMwcMlsivP-x7g7ikxM5HOgt7aX8EYzStTrzQgmpIQec5HK6wRNLihVo1-tOqnLuIIlAtuRImH5O_FktvXxBM8hE1R3kGzXDGOmtIOUHbilQZEymFq-vtgjrpOc7xmupUMlVWKZHxzkmGt1PED8jbuBrBPwiUwGiJmj4aoMCK-QFUdRYg1JfV_TzOUAL6bCKx0Bp0xrOafXgJcr4FSWEFwTenjLlaLxCRnRx6vGRAy-PVG2Le61mPADWV0B9EhAHFy_pYyVF3J3-GKjv1TWRQk4iBmvBGAMgMWSDi_6V4oSaqgSzzSwEbr1iQBw5nGsUp9-vbyKyCwNzLcBu20Jd_k9YX8MiSJ2VevXBBS05PP1ixz2o-kjbi_wt5AamA-mL927Ak22TCPpiAIldiyzvt5qq7X630b_V38PxvRkQMtzkZvQQYDFyUbEjcMrF93Iggl-SzaDRJY-Hs5Bk_sUyi_BGI0ZtgJPNjM5XRyiBMXa2mzTYxlc5WmKowwcgKE3n6twqAnBs1LTremH2CXjfkZtnubm-kg8yfQDoRN7ddIzbKoGlyjfr6yvImGnRhAWCocG50O35s7IH_OrZZAp7sRwSvRtrxYNDidgml2G4lKlRz6Kjt8uwgR0TpUvShjyvTb-HAMGS-Ttj1pd9inHzAYEeqV99gZ_ev9H6tmBGEctaV7QJCnZDIAJPchK07nruO5rp-BE3ukFEB-fpj6G_pzfODBwKHRMUFG1AOPEXCITbqCo35B9-M0Fbwn-G-xD_UIxrg9qkhmhsghBSsJts6ll6xB1AN85KjIywiUzetquWbNBguMrNkoBEC2iDPN-GYZJaCrAn5CPoeJYPwyrabUVlkql-RY-pLf6D5kVfpaQnUg93P9j4hL8u-4Vn3bOvDeEkCc0kOed3WufP0gGRDxqabgxalykwUX79VF5cX2okJ8sX48NOv2AyXsQk2U21p6BQUQQFjblU3Pq1qEkvu2nyVswDIwnygEwn-UnDID-MbwvODfhu2CGTh8fe3kz_u5o_KChxPzxEkMyvsdw8uPfREBDdXrF4iAWwHLOA9V5suyIz_coRrVB7Zy6GwTB0DNjWl4f8H3fS85AVGzsMcjmtVYEK9A8667j46mAS6bFWBvPqfls6n6I46fOG_KUhqr-yj7E5He031hvPNEVxoUmOIHTQImVRUtG5nmaXIbajW9gzNTm_jS4sVrM4DvR2Ad1IVS93P4dzlYfiIww1yKxsPNQQsiuprJZUQ1kk_zg0ZT2Vb6z-CNrxmkryj5NaIOiZJejlr9ZZj489t4tXw2dtrn-l5IDRHXBSpvMNDu12VET_M7J6Gh2ocxcMafSi1jFqu_qzjMfDysmA8gnRd25IbUbl8E8YFUp-xfAyF6nvZLTgQqGSVDdvpmrkMGKKDwClJ0ofLUQ39iQOV7SWv6L6Wf5SyXicwiOdvmxONXSZhhDc4CRkVbSKkDw4gJhqByx4jsAkZrYTEkNXL8rmOiOit2IiooaTs5kEnwOUZs7NqCs37rtgIt50BD7Qm4Hv8UAS7PTeUzKPFYSx_zlpG5IiIQr3mEuPTdBnUwd5-0ymAX4eVVMcO50nGTNKV0iAvbHk5cllyXUC-Wz5TR_oHWHUbcHcjp1Wy9dWd7PA_Exhh9GB2zTBpITHsqsXbsQGQUU-uvnHbmTo4mT4MhLUgv89Klg1xZ1olvgHD9lLBzTWj4jVcbYKBb_QKH2ii5oGSTcwTE9pjpIM4v0wELOvT0YYJEeSd7cwBQtprnW2NG3HpnKsx76ElctPJwVT52rjbU05VSvIHUHev0MMloQfSgfucfxI8nnqmDG894EBPGbAN0ZOxY31gG7lOe2HIgnaxoJo1dYiURiN0ZsxgsyTaEWyB5ZFaOp8nGGJl3_t-I3uOPgIXUxvei5SFXEUhlMExJzmKvmfT0A8yiVS3d_9bBpgKnBWgO3kP2KMqNjaK0FnD9RxZybN8H3PQQcnK1vF5WFnQqT73XIs4ZWD8i5o8l4FCYgw-pDNfCmwTgOS6YxTCCLla_4MHnl58wAsZ2kIqc21GW5DsAVSDLnbPPELDbl13zKVnlPRezDKc7TmUylnERUvruwK_cqO7eHt6dRpvUsV4BLaiEjv6dxCgFOpUdpLNRzrs3uzTt8qJblHtMkHN_TsY6g1J2GIgmgrlm1_rVKjTrrqXLwdJer3SiXE0oKkUrJJDIvrRfJ4K_8c6z1EHXAcikDExOTd1pY_vRFmz8lxtZrjQ93rDEeJNBfZ8ytORK-9S079FNemSygYeiVi6xZKCVf2Gp9A-eCB69qQs90YGuRsJEFLrwwFMu4j4t3FVCIFsKH4J189yzm96EGWA571WFnMiaoPReSBz8lm3ShEeOOR7tz1SGAkmYzCxss0L0bUk7q0tE_yGrM7auyME-N7j4s0WPyicPpjGLbOomThJQdSuQZ71KWVHHSNxV8Ojuxht5TTtmcax60gvfiNXvYEzhmMS5xLQW8wr_cRaiigXJT-jAAUWxABV4jjruHKohbIu0yHjxGEjRw80bKOCB1NlXlFaYzIiOn9ut9UZ2x1KW6cdPsOC-Ga2l53PFH3JgflbdcAqKoXosXjc-cifoqJ44DNPN6hj-aPwBxiPJnJx1JcayN7DTO0VM22156YPy4SJCCYNYx7dxAhVr3KTSRA0hlw&cid=CAASEuRoZYP_OshwBRXOdCI_s3Zerg&rfl=1%2Chttp%253A%252F%252Fflortactheo.gq%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4869d34286cf7e51f09f762190d338474a1489c7afa78a873b6eb05eba5cad0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 10:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9662
x-xss-protection: 0
server: cafe
etag: 8494214007462833898
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 10:57:09 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6496 41 KB
15 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 13:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 13:52:58 GMT

GET
H/1.1 200
OK ma1tq3l10cm4 Show response
hal9000.redintelligence.net/zone/ Frame 6496 11 KB
4 KB 44ms
13ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ma1tq3l10cm4?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D
Requested by: Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6d388ca148b544573e51b3b9b0bad02dcead9b7085bd0bccabb8a041ceccdf64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3848
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6A3C 0
0 61ms
59ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021111701&jk=2999208834577887&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 40F8 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:54:22 GMT
expires: Wed, 01 Mar 2023 13:54:22 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 75948
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame D1C7 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 10:35:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 10:35:12 GMT

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame 6496
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

611 B
934 B

104ms
78ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D&documentReferer=http%3A%2F%2Fflortactheo.gq%2F&ancestorOrigins=http%3A%2F%2Fflortactheo.gq&random=7351180965659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 78846cd447e707433f6738f125e4363950957a9591902528c1a4d3d5cab27ee0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 27882900118575300710624011886025
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 328
Expires: Wed, 02 Mar 2022 11:00:10 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D&documentReferer=http%3A%2F%2Fflortactheo.gq%2F&ancestorOrigins=http%3A%2F%2Fflortactheo.gq&random=7351180965659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 02 Mar 2022 11:00:10 +0100

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 40F8 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 10:35:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 10:35:12 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D1C7 0
9 B 8ms
8ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?QcLXxg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame 8335 7 KB
3 KB 37ms
14ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=8d4e8abbe9&subid=&uid=c9f9c55b34525103&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5NUZOU4fYq6NO8GBjuwPvO24kAq1zfmDV5zfuavlDPAuEAEguaG0JWCV4pCCoAfIAQmpAk1fxz5cnrI-qAMBqgTYAU_QnByE2y9k10Zwd3D-SxnLj4ovwpb--3ONK19AtqxuGDbhB95M250ndnxNLnTsDEWfbuvkvix1mTjSTN0CnfBxuyeTdV6FHgvk1V0AyHmdUvrXVWRkw_LV1QQkGLaZNrTPymSkPnUSXAlHxs5o-4lNOxIBqz5ZBoWE-0WwXSCsksS6Uk5EuSWbXqb8BR6MOvD0sblGCdJAKFj-yRz5OmEsKE1mN9mtVhVFqzWlERB37jXgY6H22RPr3IUxjzPIdpFSH8kZXortyJOFJnC3NVjSQQN9w1_uxMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoZYP_OshwBRXOdCI_s3Zerg%26sig%3DAOD64_2PuUWO_T7uXucjN0GiPmjqObKBjA%26client%3Dca-pub-9649941216925857%26dbm_c%3DAKAmf-DmN0rGMSElxyWLiqoW5LcONmKqWW86Vac5jk9AzN5hanPeJbx8oWMcZgwQxXtZ8TDSXduKXBMTh2NgThBa8U3qLPCOTZhLE5di85EeeUDbJqX-ZFXTYJ1xybeoYrM4qWoekMIo8yp6QcHpl2QEBTmBoNmY9A%26cry%3D1%26dbm_d%3DAKAmf-C4_EqWNekEf9TcU5UGWYGOm_TZMElhG447wiwexJa5sIWNjx1k4SK9PJLZ96d-P951i5JWl6Li3T_ps1_JnKBdwWtZmhRIqG9e3BxrHig5Y2Ha8x5D8LGIWm0HAZj2WFys40lQOnUwFAk-9r5flVI-KWJ_jYkmjMWZBFf3i7BKyIlA33RLKvNcziP7M6jJbSUslsJzYk2le2AzU7S2JtaU697MiUWV0v84dusDlXyyemATberigJrWf2QRYNbOOBbJYdx9jluyb2V_gO_n_5HxGjbwhwweIEZIC217RoEYPEC17x2s-SJwyVRbzKHeuf0bq1ojoOf7Gt7dJnH3szHCuNLEaNSK2UPsL9LoZUd9aT4xelZhfS7e2sMT2WIiasFbzTlJ9jTAEPqkm-RU4oS_cB1k3Q%26adurl%3D&documentReferer=http%3A%2F%2Fflortactheo.gq%2F&ancestorOrigins=http%3A%2F%2Fflortactheo.gq&random=7351180965659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cf948899924f946ab7bd10ad4c35c443abf612b6b312eb6a66987d622ee05bec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 02 Mar 2022 11:00:10 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2312
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1517 1 KB
749 B 8ms
8ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:26:12 GMT
expires: Wed, 02 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 77638
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6496 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a879f877b6807c3b2d9978affaa3b8dde4fb968bf76c56ab6882278c1a34f8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 8335 89 KB
32 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 17:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 323582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Feb 2023 17:07:08 GMT

GET
H/1.1 200
OK mircosoft-300-600%20(1).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 8335 62 KB
62 KB 64ms
27ms Image
image/jpeg 54.36.108.3
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/mircosoft-300-600%20(1).jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: 5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Last-Modified: Mon, 20 Jun 2016 09:27:03 GMT
Server: nginx
ETag: "5767b6e7-f6a2"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 63138

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 1517 0
104 B 62ms
30ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHpl5Lg25bZPMAKWp1Q1leI&google_cver=1&google_push=AYg5qPKUP2tl9zzvvaGEaHN3lsbtoHE6fKgcbj-WqhUEILg5-g67aho6CS-yYS9J2hN3XNlC9bMcSSDqJ_cbYImyeS7RyZe89Js
Requested by: Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1517
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEEIYqVH_fEr3m56no1Sza8A&google_cver=1&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS3...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS39KIj7q2kdg

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS39KIj7q2kdg

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: MT3 4172 645ee8c master cdg-pixel-x31 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJsyRSX6eqvQ4fidpNyvQhvSJ0iLF3682xR6s0QFEQ1NC7lySDPhambuxCR6ARO0pEj9Aq7cAGmg24mvLS39KIj7q2kdg
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 02 Mar 2022 11:00:09 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 1517
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM...

43 B
426 B

201ms
194ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:11 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e59a0916ccd0e1a-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:11 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 238
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e59a08f98920e1a-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFGFnH-Nwmk6lSOvBklOiz0&google_cver=1&google_push=AYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKFaAUUx1DjGf9A9PaJCQdCuQKrVw1G47c-ZHohx0mLcKzquj2EOTaSjKOMBLBmTUoDFxr20dsPlEVl8t_ZLccPBOmvuVM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1517
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE7X1zOD7YOtL6Ic0YLZgVQ&google_cver=1&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE7X1zOD7YOtL6Ic0YLZgVQ&google_cver=1&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eE...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI3NzYzMDg1MTI1ODQ2MjQ3MA&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysu...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI3NzYzMDg1MTI1ODQ2MjQ3MA&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8BGOsDfSiDFUjHBsDvg

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI3NzYzMDg1MTI1ODQ2MjQ3MA&google_push=AYg5qPKMoWCxcOLioxikiOJ_h5LBRvpa_0lt6Q7PLBBwubT367Rt4xpYUl19p02TZFkJK8gn2eEysuj8BGOsDfSiDFUjHBsDvg
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1517
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB45GTpINGvD21AZOw8ftjk&google_cver=1&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9T...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA5RzZCVlktMi03OEdZ&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9TZ5M5ETPzpdoFGsqGHxNo5-O8

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA5RzZCVlktMi03OEdZ&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9TZ5M5ETPzpdoFGsqGHxNo5-O8

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA5RzZCVlktMi03OEdZ&google_push=AYg5qPK-5ZQCNpxmL2DlNo9KalwRTVMEJ8bLCzMz6FLEv6DS_A9xwRPcVzSavTyOCWYmZ-vHU9TZ5M5ETPzpdoFGsqGHxNo5-O8
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1517
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEILnX4J-LTMsJ604jbpIpW4&google_cver=1&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRY...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRYPMdqvSAMftI

170 B
188 B

21ms
20ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRYPMdqvSAMftI

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 02 Mar 2022 11:00:10 GMT
via: 1.1 5b9a6276a0cfe21df57da85d975de2dc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: DUS51-P1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLKyAqliQ6oIlEbMt9ZqefcYf2BEEQAccsbC3G6UCzWj7wKcI4D8dlmly85ImU0sSnVd9Ga-74tSQUQSKRYPMdqvSAMftI
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: evuFq7nEnfYZJcfDa1m2x4ZjItUmVr5_hdcp-sPRYw3UYzcdQD_SCg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1517
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENlFKoBBMaxrwpKcjnmzCl4&google_cver=1&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ1ODg1ODI5NDUzMDUzNTYwMjk5Mw%3D%3D&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiY...

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ1ODg1ODI5NDUzMDUzNTYwMjk5Mw%3D%3D&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ1ODg1ODI5NDUzMDUzNTYwMjk5Mw%3D%3D&google_push=AYg5qPIQo94BcVlNs25fcVMu4SwDvYo2jEv10GPsiEdeqbrabCDEILiYnFUKoa5fOyA7J2KQTPIP5fZebT5CQk29DrqOlHhiIkc
date: Wed, 02 Mar 2022 11:00:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1517 0
12 B 22ms
21ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KEX_o6Q0AAcen6Iw3Ch5v1hm2zC50SJ24JyGbRrwME_lFomE32WSIwyeu5qFKaQBQEkdVQ

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:00:10 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40F8 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoRX0Ok4fYqXkGO797_UP-Ly8oAEAAAAAOAHgBAI&bg=!-Pul-7_NAAYFuXAgBbk7ACkAdvg8WgZAzobPMSbfshZno9LB5IQYV0c6p_kTy6-lAw077Rb2A5OP-AIAAACrUgAAAAJoAQcKADJh2mSbVP3OOcPRxqfPeG8R5STeZ49evu3w_fF2CxuOpMwqP4W0DXHTsC-shOcqnDlP6JkC6hza4Su-MaEWdXTOA9FgLanM0EQM9tKrPBZgMXjdzCv78AF5j_LL0nKde2xh91Etqq_0hb6ruPFviGHsSA6rOGY2i_4pPN95TulXlEVM43JKXqywTOvQ2UQmGbO1kEt-EgBU6kgrZ2CbG3URgbQz1XOduOmmeSwLCaJFx_SVB0sNzUdlu20QQkJ5C4zgLj3-jx2L7trPDi8vigKZzJdCTR6uhK9ekuw-Ddh4VuUdoz7vhj4qeYoxDZBHeUt9ezvTDQ42e79VkjFxOi-_Jk1cMYTEJ0gW_iuPXG2UjajDS7j6hMYcxk2W4koWJBlQE-P2JTGoq2nPsiWT-X5RAqiOLp1CuqVpLIZTezkQjZ59lFJvk0seFA1mQgVNVcO_zisTPtCFm-6o3jnEJOuoPieZKfAjvgvFL67mP3S48MY2MQzMCDd3M6yZPxd0n_Gy9DOFmcnRXUrH_XgmppQHCvLmB8INaY0G-7FlEz36HVQCBIKTG0RSG6AHMHzEtiJIJhjUKJyyigQ3l42hC4_QqKvzSniwoVlyV7gHJ2D6G42WiriKVWKjsgUGlcJQMcDMqg9M2ppxeopzUcYGXJjFE9IyGctOpJxQDzrAE4nuckNxxjefKLHmO0FDUGhuFLquHs5obdpywi15SpTp9nde3YJlGNNsQWLAGn7YHKu_JRpI7eqRrN2Y-4TGqyTfiV8h_zqRRd1Q_EYY_mlv-2vB8hFsdHezjAL9SwYJHo83Sc3nSuv_VwEJwBfFc-q0g9pGtR2g-0hiRTTgmd88Hz8A3k-mm2DuInQmHXswbRq8UFVZGdBc2UplUuI-5psD66q_iTB2v6UqE7YoWIPn6YBtWvvs_OTuQwlyHavg9DdGJVoaF2zXevfgM7tEFi2CqtYyN4jTZOVpXCJKyd_vU7AgbWrKRpcFOlgwG4SpWjXD53gmFEpc1cgUetUEbq7VaJyqhm8uTeYAymju1NpuYNqEqKNMe7sBoZdO5Crf9JSD

Requested by

Host: 2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
URL: https://2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame 8335 0
150 B 35ms
12ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=27882900118575300710624011886025&a=3ec8f66a&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=27882900118575300710624011886025&a=35e6f0d3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 11:00:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 8335 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021111701&jk=2999208834577887&bg=!zs2lzYnNAAYFuXAgBbk7ACkAdvg8Wlg6Jl2ZHAAI9Xhd4cONzUaLNmyqO6y9IWAQK9-zUZpDn5MG8gIAAACTUgAAAANoAQeZApMSVCeXnT13QcwmPL4AbY_EUYdTv-RCFVG3rZi1kaKnGYDJZDOOuXwidNMYwuojvN0uoLVygjeQUEzM8mkldBIKpx1tK2YqDr2t0nJiOa7WLSzIFGpN4nIxqHF-mQkFLUgPnGBbiQXrdgbCEbh8kpI8RctiO5r7iR7c7M62Wo4hAH-MWNXDFOqPc1cqy6AVlnXnTqorckoMgAkTzDCeMJ58f8FZfDdIl3AMCcUtYa--F9EnbiZ18b_nAPDmNQiBCON1erwkrGFKOZHpWGUIWi7Ub_ciggoB5eqNiSwfpIn5HbVk1svAjoYALZHNnDhndCBlT5slHzwQmNc97VDSGUxca1kAt8Eto_kn9TO8DQvj810zPHJm9lSFV_-avZ-YRoSWznMCC4rd972fg_nMC15PfPKwcY0uoPOdMIKIvTW3znvRwIBpgzDLAnO2leSnhbhZBPj2xvCuC2ZYf98ADYbfmvcNmTMql_Hz_zDL60d6ui6-e_pZiL8o5YCzZM4fe95RwwQrkm52YQR982uUyb8l5qVsFZLD2g-f1JgMfngHkOLvFPn7OgqCA_lq4TfDrETeIOW0oI9eG7Catu62f_agDhnU4EE0axUvVYYpuxkDKWZo36t062so7yyOfJeD_vi3kyCq7MW2o2ZQPe-ghACrzkIHAoFr9EC-sNPl8fP4vatcy9X1t8nPji6lgeyKeEO1p9cAYGY4qhLEUHkfFM59UmZ2wUBLQe-0ARUjQKs2J-6ofdQylXrfi-nG-gY7kJjBXOCzlhM6In_08PyVj4IUJjOAfxNLFHh0c5I_FN3SvIPyFg0y-TNC0Nm-YuWToXaknaCIpV7cM7WSb0nv_fo8Hj028thsQgIMk9Uz3FVWxA21Jw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 12ms
9ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=113841053&t=event&ni=1&_s=12&dl=http%3A%2F%2Fflortactheo.gq%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitTime&ea=Timer&el=%3E%205%20sec&_u=aADAAUABAAAAAC~&jid=&gjid=&cid=1585783081.1646218810&tid=UA-8969414-2&_gid=1073739330.1646218810&gtm=2ou2s0&z=2143085312

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://flortactheo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 10:25:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2103
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 18ms
15ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-76JW1KVZM8&gtm=2oe2s0&_p=113841053&sr=1600x1200&ul=en-us&cid=1585783081.1646218810&dl=http%3A%2F%2Fflortactheo.gq%2F&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sid=1646218809&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://flortactheo.gq/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 11:00:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://flortactheo.gq
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

349 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
flortactheo.gq/	1970-01-20 01:27:03	Name: __oagr Value: true
.flortactheo.gq/	1970-01-20 03:26:34	Name: _gcl_au Value: 1.1.896691886.1646218810
.flortactheo.gq/	1970-01-20 03:26:34	Name: _fbp Value: fb.1.1646218809585.1435483099
.facebook.com/	1970-01-20 03:26:34	Name: fr Value: 0mhxBk3TZA2XvrKxq..BiH045...1.0.BiH045.
.flortactheo.gq/	1970-01-20 10:45:46	Name: __gfp_64b Value: ajy8I0yxkP1drsRlD_SdNyj2ilSmuo86545OO2o1BF3.f7\|1646218809
.flortactheo.gq/	1970-01-20 18:48:10	Name: _ga Value: GA1.2.1585783081.1646218810
.flortactheo.gq/	1970-01-20 01:18:25	Name: _gid Value: GA1.2.1073739330.1646218810
.flortactheo.gq/	1970-01-20 01:16:58	Name: _gat_gtag_UA_8969414_2 Value: 1
.flortactheo.gq/	1970-01-20 10:02:34	Name: deepbi_firstparty_cookie Value: cl09g6b1h0m3aei49bv
.flortactheo.gq/	1970-01-20 01:17:00	Name: deepbi_user_session Value: b3491324-5de4-449c-8d89-bbb8f7540703\|2
.hit.gemius.pl/	1970-01-20 01:27:03	Name: Gtest Value: KlxPCMXGQMQG1L4c1XuLTaXissGMXP8c25nSGoREOUD8XBG.
.flortactheo.gq/	1969-12-31 23:59:59	Name: deepbi_user_deepcookie Value: l09g6b8m-2l4q79b
.hit.gemius.pl/	1970-01-20 10:45:46	Name: Gdyn Value: Klx3tMaGQMQG1L4c1XuLTaXissGMXP8c25nSGoREOUD8FRxSG7RrGS6GuofBFlMMYH7hRjBGqSRxSG8.
.doubleclick.net/	1970-01-20 10:38:34	Name: IDE Value: AHWqTUnBNAWlQr8i5_rAYRTRKspjD6PY8nR9WOS_dW3FRXwOaVzqBDvv9OKLRJ81Hv8
.flortactheo.gq/	1970-01-20 10:38:34	Name: __gads Value: ID=c4f49dec715d3aab:T=1646218809:S=ALNI_MZAhf6KHJvG-PDcdLy9DTCR0_TIhw
.flortactheo.gq/	1970-01-20 18:48:10	Name: _ga_76JW1KVZM8 Value: GS1.1.1646218809.1.0.1646218810.0
.adnxs.com/	1970-01-20 03:26:34	Name: uuid2 Value: 401306839931944328
.casalemedia.com/	1970-01-20 03:26:34	Name: CMPS Value: 3184
.redintelligence.net/	1970-01-20 03:26:34	Name: 8lcfmzhxc8d6_uid Value: 250da9a8207ff578
.casalemedia.com/	1970-01-20 01:18:25	Name: CMST Value: Yh9OOmIfTjoA
.adnxs.com/	1970-01-20 03:26:34	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilbf344_!]tbPl1M>e)ZlrFUfJ+tGXvWBISchQnZJmN9z0$TChKC^Lf)YZS$rModLq3If)y3KL9D3I?+^fZO4(
.casalemedia.com/	1970-01-20 10:02:34	Name: CMID Value: Yh9OOlaZIjudXSfHlWKpXAAA
.casalemedia.com/	1970-01-20 03:26:34	Name: CMPRO Value: 1155
.casalemedia.com/	1970-01-20 10:02:34	Name: CMRUM3 Value: 2d621f4e3a2760CAESEO7Kol4vzM_8rwwv_js6SMY
.3lift.com/	1970-01-20 03:26:34	Name: tluid Value: 2458858294530535602993
.mathtag.com/	1970-01-20 10:42:54	Name: uuid Value: 2bca621f-4e3a-4b00-8bc6-aebbb3d7d4ce
.mathtag.com/	1970-01-20 02:00:10	Name: mt_mop Value: 4:1646218810
.adform.net/	1970-01-20 02:01:37	Name: C Value: 1
.adform.net/	1970-01-20 02:43:22	Name: uid Value: 1277630851258462470
.tribalfusion.com/	1970-01-20 03:26:34	Name: ANON_ID Value: a5nsIHsjyDimTFM6F0NFqv6qrmPf4FE1EpmcBVqcKW0IBLQOuO5ZdjjIH0Uy7sYZajWUZdHyXyFrBZaQjxkWQ0DHDqnQ

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://flortactheo.gq/hits.php Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: http://flortactheo.gq/ Message: The resource https://img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/5b/fe/cee17864dc7f5e599a89712f12c8.jpeg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2fd01d3a1c917271c9e715357d1c4fbe.safeframe.googlesyndication.com
a.tribalfusion.com
adservice.google.com
adservice.google.ru
advice.hit.gemius.pl
ajax.googleapis.com
api.deep.bi
c1.adform.net
cdn.contentspread.net
cm.g.doubleclick.net
connect.facebook.net
dclk-match.dotomi.com
dsum-sec.casalemedia.com
eb2.3lift.com
flortactheo.gq
get.optad360.io
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900025.redintelligence.net
ib.adnxs.com
img.wprost.pl
ls.hit.gemius.pl
pagead2.googlesyndication.com
pixel.rubiconproject.com
s.ad.smaato.net
s.tribalfusion.com
scoring.deep.bi
securepubads.g.doubleclick.net
stats.g.doubleclick.net
sync.mathtag.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
138.201.63.117
138.201.84.245
142.250.185.130
142.250.186.66
142.250.186.98
146.59.30.96
185.11.128.205
185.29.134.248
185.33.220.145
2.18.234.21
2600:9000:206f:5800:11:a4de:2580:93a1
2600:9000:224a:6200:1b:5138:8a40:93a1
2606:4700:10::6816:28b9
2606:4700:10::ac43:c60
2606:4700:20::681a:e1b
2606:4700::6812:d05
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:808::2001
2a00:1450:4001:808::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:830::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c00::9b
2a02:fa8:8806:12::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a06:98c1:3121::7
37.157.4.41
54.36.108.3
69.173.144.139
76.223.111.18
0643484d67311199055be01407f32b3310fec6a59fe9e85107ba5f41f19a2cf2
083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147124bcfc56bf9fe848b7ddbdc91c3e00ebb9aa1604d2f1e2a74dc28b34e775
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a
16a58cfce70f7aff373eef18d2b420da6e8831018028c0f434341ac8d6e876d0
1b019dba654b6a670ff83612cc866453fac6b389c1da4832159f340ead53081a
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed
22e730c5e58a487c838bda5b1a08e1b2a0d537371c08d4a01c56593ed8160ee6
24fa35573d7e0db487ed379dc1ce2d72776d89129804568e1e5d1dccdfd3a27d
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
2d16c6bf2e25e475f0971bc6e839faa49e350a764a9e760053b613a0aab1d5f6
2df81adb8a02c3a688fb295321cee269c053ed3c4d4c5bed2ec6484987b34ee3
2ea665fc0455d38b414a5a31a72f3a8e3a3054b6d3f224d73d5d9057f6b2d3db
331e14f7226ecaea46e85f54db23f4e7a434969120e39c1a54a8087807ddf830
35afb774f93baadbff26bddc324582f3ddb6709f1ee3ed7dca47392db7fdc981
3650d40555b65c92b0a701dcb52783d0dc3d6b8bdd2c70dfaf3f8798635be492
383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435
3932943c42751eb7007d21192da9999a6ee0bd453157a61b0083c13836875912
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
42029e6774581c9691e7a855bab8e412602160a2592cb13574e6a9b9e0f390a8
421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff
42b21abbca1944f3630cf12ce218a16eed50f9673faf100047ca61341e318b80
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4869d34286cf7e51f09f762190d338474a1489c7afa78a873b6eb05eba5cad0b
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
4b3831496d24be5acab94c157b020285e22c3d16009bb8961572d1ff5221eaae
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c84629456a70df1137ab4bdcddba32050a2524568912630c2538746cbbcdc51
4de28a05e0b438d5800c7dd1345e0ec1a63da96a9e2ad0a65d43203cd91d48ed
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5becbc936c15ff90857967205040c247e0f8a58b4fcbac94763ed3a61e059210
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c
5f416547d36ab9ef1af8bd30eb509bd63c961ffe240096d7bc6e4a9162eb10df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c29e5063bc5a13f218a3155a2fcf5424e4a980cb745dc69ecf3011a400ce0c
662c42d2b9d5c15f548ec750617d497cea2d63158b7aa9953ac97e20dc3bfb99
66d40d6d50a3a93dffb20255fecae710778d487d96aca96983fe32033309e72d
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6a879f877b6807c3b2d9978affaa3b8dde4fb968bf76c56ab6882278c1a34f8d
6d388ca148b544573e51b3b9b0bad02dcead9b7085bd0bccabb8a041ceccdf64
6e13e58861d0d8000aa6c0b58204094359a1614ab079848ba8ba3a7f06028066
6e8da9c93695d9066c06a0ff4ad814559e5c186cb7fc93e31a499183e14cdc92
779de053872046185bd650f7e2ffb8b4f1e0ee5f9b2bc73711dbf00f2abc6b28
78846cd447e707433f6738f125e4363950957a9591902528c1a4d3d5cab27ee0
7a486a39b72d381e82e3ffe4e1ce441631f7b32238cd00b39611f4bbd36af06f
7d6c3674785d0db6ea9c952d6389ad37ac07753cd0161fb0b6f7e0081153f316
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2
8067ebedbe560e9197bd73675a916a0c8608c981bce15196838492731565bcbb
813d68061248785859a089791ba33f25cf9e90e565fa62e5848d88224fc00e9d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911
919462eb23533d6a32db8faf732b4d7dafa39f69d32bff2a6905748fedf47bcb
985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c7543f17ece99c6b9fc15cd93856cf12e5f8945284a5dbeb926bbb4ac81be73
9f727d50447a9481cdb0ec1bd66483abf8c8deb564a0fa5ca7dafc13fd8d9aa8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a15808eec53e76dc564e7f6f7e26ff3a52cb2cb13d847d3b3b1f0d4bbc6f04e5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a30babf05171e9a7d1d3b04e2731bdaae815370dc6d05ee31914f3249fee9490
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab106619cd53cba1c09e1b3aedcf87dc90958fef3b886f9107a0ae94f5dd7733
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4aee7661321203f130151e68ffe5c6225ce133469bc7811f0c08c49fb0fcc45
bc05dabb6d716be66e491fb1e685d4d1c48ceeecb8e5d76254ba22457fffcde9
bc757d6121e94183a42f5ef8e5a9b1d0a65ed643cb07bd8e6f860401bbc89fd1
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
c01351f6b65ecb4efde549618c748755dec43b369bec2897260f7f4ec05aebbe
c79b7506033f731f036b8c0da54494d539ddb31a06a0266c6189a4990f1d13cc
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
cc450ca6f3818ff2ad8eae3a10277a1018c541e862cb5b9a34466a813e544bd0
cd45d2187d9416f2c37beaa4fb34161916d7c354d0a169139828b2bced9166a0
cf948899924f946ab7bd10ad4c35c443abf612b6b312eb6a66987d622ee05bec
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d23c6c35e02d267d4ce46c0e9b197720d883ac35a6f608393c9964ff5831d603
d7c4b870733c836a4e6688f1d748901c9b766f678418dd321a4af64de93e20ec
dc6aa291217a39c090896ceca42dde661767f883062d581a6074b3c27b72d6af
ddbe92e7c31a4aac4c2a7e4b8ea9659a24c8f8d1a80a63d5c4b2c8db104410e3
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e66998934cd8408cfacf7393cd0243727cca5ee398e65d7e26f28e54c4388d6e
e6da099f98e79188b479b8e3d8be836b73411e02da2dba4e8ac8ccb8f2b98b59
e997cf742dedb6584ef50c3dc8d27a73bfdccf5a889b792cf8d98a1d5f0af9fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6bc03a26bf3dbb80a22a2eaf54523f07a7aebac158bcd69d58bd5a13cc9351
f4231e6435e26e6cbd926387d7d59bd67745bae47173ffc868631c4138d80f55
f8b3082371bd6a0093087b633647e5a3f3ec1ef0e97e982814f86821f8512bfc
fd5e88b0f2cc6fb839016d92d209e99cefce24f4ff6bca4c5ab02bc8c2b1ffe0

flortactheo.gq Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

138 Requests

51 %HTTPS

61 %IPv6

28 Domains

38 Subdomains

32 IPs

9 Countries

1868 kBTransfer

4143 kBSize

30 Cookies

21 Outgoing links

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

flortactheo.gq Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

51 %
HTTPS

61 %
IPv6

28
Domains

38
Subdomains

32
IPs

9
Countries

1868 kB
Transfer

4143 kB
Size

30
Cookies

138 HTTP transactions
2 data transactions